Created
November 9, 2018 00:00
-
-
Save chrissmith-mcafee/110ad16fd8bf999bde19c67593e4e58f to your computer and use it in GitHub Desktop.
This Node-RED flow ensures that systems within McAfee ePO are tagged to indicate what policies are currently applied within Cisco ISE Adaptive Network Control (ANC)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"id": "454f293f.10a098", | |
"type": "tab", | |
"label": "Tag System when ISE Policy Applied", | |
"disabled": false, | |
"info": "This flow ensures that systems within McAfee ePO are tagged to indicate\r\nwhat policies are currently applied within Cisco ISE Adaptive Network \r\nControl (ANC). When an ANC policy is applied, the corresponding system is\r\nlocated within ePO and tagged approriately. When an ANC policy is removed,\r\nthe corresponding system is located within ePO and untagged appropriately.\r\n\r\n### Prerequisites\r\n\r\n* The Node-RED DXL client configuration step has been completed (see\r\n [Client Configuration](https://opendxl.github.io/node-red-contrib-dxl/jsdoc/tutorial-configuration.html)).\r\n* The DXL fabric to which the Node-RED DXL client will connect has been bridged to Cisco\r\n pxGrid.\r\n* An ePO DXL service is running and available on the DXL fabric. If version 5.0\r\n or later of the DXL ePO extensions are installed on your ePO server, an ePO\r\n DXL service should already be running on the fabric. If you are using an\r\n earlier version of the DXL ePO extensions, you can use the\r\n [ePO DXL Python Service](https://github.com/opendxl/opendxl-epo-service-python).\r\n* The Node-RED DXL client is authorized to perform the `apply tag`, `clear tag`,\r\n and `find system` operations within ePO (see\r\n [Client Authorization](https://opendxl.github.io/opendxl-epo-client-python/pydoc/authorization.html)).\r\n* The Node-RED DXL client is authorized to perform `DXL Cisco pxGrid Queries`\r\n (see [Authorize Client to Use Cisco pxGrid via DXL](https://opendxl.github.io/opendxl-pxgrid-client-python/pydoc/pxgridauth.html))\r\n* The following Node-RED modules have been installed:\r\n * [Node-RED config node](https://flows.nodered.org/node/node-red-contrib-config) (included in OpenDXL Node-RED Docker image)\r\n * [DXL Node-RED nodes](https://flows.nodered.org/node/@opendxl/node-red-contrib-dxl) (included in OpenDXL Node-RED Docker image)\r\n * [McAfee ePolicy Orchestrator (ePO) DXL nodes for Node-RED](https://flows.nodered.org/node/@opendxl/node-red-contrib-dxl-epo-client)\r\n * [Cisco pxGrid DXL nodes for Node-RED](https://flows.nodered.org/node/@opendxl/node-red-contrib-dxl-pxgrid-client) \r\n\r\n### Setup\r\n\r\n* Configure the `Configure: ISE Policy to ePO Tag Mapping` node. This node \r\n contains a mapping that maps between the ISE policy name and the \r\n corresponding tag name within ePO (see below).\r\n\r\n```javascript\r\n{\r\n \"shut_down_policy\": \"ISE_shut_down_policy\",\r\n \"port_bounce_policy\": \"ISE_port_bounce_policy\",\r\n \"quarantine_policy\": \"ISE_quarantine_policy\"\r\n}\r\n```\r\n\r\nThis mapping should be updated to reflect your Cisco ISE ANC policy names and corresponding tag\r\nnames within ePO. Each of the ePO tag names must be created within ePO (they \r\nare not automatically created).\r\n" | |
}, | |
{ | |
"id": "74ea78ed.44fa38", | |
"type": "function", | |
"z": "454f293f.10a098", | |
"name": "Extract IP Address from Result", | |
"func": "if(msg.payload.length)\n msg.names = msg.payload[0]['EPOComputerProperties.IPAddress'];\n\nif(msg.names)\n node.send(msg);\nelse\n node.warn(\"Unable to find IP address for: \" + msg.macAddress);", | |
"outputs": 1, | |
"noerr": 0, | |
"x": 490, | |
"y": 740, | |
"wires": [ | |
[ | |
"fc467203.f8911" | |
] | |
] | |
}, | |
{ | |
"id": "326a995c.504086", | |
"type": "function", | |
"z": "454f293f.10a098", | |
"name": "Format System Find Request", | |
"func": "msg.macAddress = msg.payload.macAddress;\nmsg.searchText = msg.macAddress.replace(/:/g,'');\nreturn msg;", | |
"outputs": 1, | |
"noerr": 0, | |
"x": 480, | |
"y": 580, | |
"wires": [ | |
[ | |
"d3a40a6d.61e2d8" | |
] | |
] | |
}, | |
{ | |
"id": "4951c6c3.245d58", | |
"type": "switch", | |
"z": "454f293f.10a098", | |
"name": "Determine if event contains IP or MAC", | |
"property": "payload.ipAddress", | |
"propertyType": "msg", | |
"rules": [ | |
{ | |
"t": "nnull" | |
}, | |
{ | |
"t": "null" | |
} | |
], | |
"checkall": "true", | |
"repair": false, | |
"outputs": 2, | |
"x": 250, | |
"y": 500, | |
"wires": [ | |
[ | |
"7538913a.f122e" | |
], | |
[ | |
"326a995c.504086" | |
] | |
], | |
"outputLabels": [ | |
"IP Address", | |
"MAC Address" | |
] | |
}, | |
{ | |
"id": "94e79ef.7e98e6", | |
"type": "debug", | |
"z": "454f293f.10a098", | |
"name": "Debug: Response", | |
"active": true, | |
"tosidebar": true, | |
"console": false, | |
"tostatus": false, | |
"complete": "payload", | |
"x": 990, | |
"y": 640, | |
"wires": [] | |
}, | |
{ | |
"id": "4b4e0ddd.ebc784", | |
"type": "debug", | |
"z": "454f293f.10a098", | |
"name": "Debug: ISE Apply Notification", | |
"active": true, | |
"tosidebar": true, | |
"console": false, | |
"tostatus": false, | |
"complete": "payload", | |
"x": 590, | |
"y": 240, | |
"wires": [] | |
}, | |
{ | |
"id": "808becbf.b6432", | |
"type": "function", | |
"z": "454f293f.10a098", | |
"name": "Set Tag Name to Apply", | |
"func": "msg.tagName = flow.get(\"policyToTagMap\")[msg.payload.policyName]\n\nif(msg.tagName)\n node.send(msg);\nelse\n node.warn(\"Tag not found for policy: \" + msg.payload.policyName);\n", | |
"outputs": 1, | |
"noerr": 0, | |
"x": 210, | |
"y": 340, | |
"wires": [ | |
[ | |
"4951c6c3.245d58" | |
] | |
] | |
}, | |
{ | |
"id": "7538913a.f122e", | |
"type": "change", | |
"z": "454f293f.10a098", | |
"name": "Extract IP Address from ISE Event", | |
"rules": [ | |
{ | |
"t": "set", | |
"p": "names", | |
"pt": "msg", | |
"to": "payload.ipAddress", | |
"tot": "msg" | |
} | |
], | |
"action": "", | |
"property": "", | |
"from": "", | |
"to": "", | |
"reg": false, | |
"x": 500, | |
"y": 420, | |
"wires": [ | |
[ | |
"fc467203.f8911" | |
] | |
] | |
}, | |
{ | |
"id": "73eca8ff.3b6c58", | |
"type": "comment", | |
"z": "454f293f.10a098", | |
"name": "Tag ePO System based on Cisco ISE Apply Endpoint Policy Notification", | |
"info": "", | |
"x": 270, | |
"y": 180, | |
"wires": [] | |
}, | |
{ | |
"id": "fc467203.f8911", | |
"type": "function", | |
"z": "454f293f.10a098", | |
"name": "Join", | |
"func": "\nreturn msg;", | |
"outputs": 1, | |
"noerr": 0, | |
"x": 730, | |
"y": 540, | |
"wires": [ | |
[ | |
"a22897d6.bdac58", | |
"27004ecc.2bda12", | |
"df83f27a.76672" | |
] | |
] | |
}, | |
{ | |
"id": "27004ecc.2bda12", | |
"type": "debug", | |
"z": "454f293f.10a098", | |
"name": "Debug: System to Tag", | |
"active": true, | |
"tosidebar": true, | |
"console": false, | |
"tostatus": false, | |
"complete": "names", | |
"x": 1000, | |
"y": 400, | |
"wires": [] | |
}, | |
{ | |
"id": "df83f27a.76672", | |
"type": "debug", | |
"z": "454f293f.10a098", | |
"name": "Debug: Tag to Apply", | |
"active": true, | |
"tosidebar": true, | |
"console": false, | |
"tostatus": false, | |
"complete": "tagName", | |
"x": 1000, | |
"y": 440, | |
"wires": [] | |
}, | |
{ | |
"id": "dc275431.b559f8", | |
"type": "function", | |
"z": "454f293f.10a098", | |
"name": "Extract IP Address from Result", | |
"func": "if(msg.payload.length)\n msg.names = msg.payload[0]['EPOComputerProperties.IPAddress'];\n\nif(msg.names)\n node.send(msg);\nelse\n node.warn(\"Unable to find IP address for: \" + msg.macAddress);", | |
"outputs": 1, | |
"noerr": 0, | |
"x": 490, | |
"y": 1340, | |
"wires": [ | |
[ | |
"fc1db5f3.3f4618" | |
] | |
] | |
}, | |
{ | |
"id": "e584c1a8.3c522", | |
"type": "function", | |
"z": "454f293f.10a098", | |
"name": "Format System Find Request", | |
"func": "msg.macAddress = msg.payload.macAddress;\nmsg.searchText = msg.macAddress.replace(/:/g,'');\nreturn msg;", | |
"outputs": 1, | |
"noerr": 0, | |
"x": 480, | |
"y": 1180, | |
"wires": [ | |
[ | |
"6b7a54f6.756f3c" | |
] | |
] | |
}, | |
{ | |
"id": "612d3d71.615f14", | |
"type": "switch", | |
"z": "454f293f.10a098", | |
"name": "Determine if event contains IP or MAC", | |
"property": "payload.ipAddress", | |
"propertyType": "msg", | |
"rules": [ | |
{ | |
"t": "nnull" | |
}, | |
{ | |
"t": "null" | |
} | |
], | |
"checkall": "true", | |
"repair": false, | |
"outputs": 2, | |
"x": 250, | |
"y": 1080, | |
"wires": [ | |
[ | |
"722d6752.477ea8" | |
], | |
[ | |
"e584c1a8.3c522" | |
] | |
], | |
"outputLabels": [ | |
"IP Address", | |
"MAC Address" | |
] | |
}, | |
{ | |
"id": "4a2cf3e9.47dcac", | |
"type": "debug", | |
"z": "454f293f.10a098", | |
"name": "Debug: Response", | |
"active": true, | |
"tosidebar": true, | |
"console": false, | |
"tostatus": false, | |
"complete": "payload", | |
"x": 850, | |
"y": 1580, | |
"wires": [] | |
}, | |
{ | |
"id": "824b2f3b.c4cb", | |
"type": "debug", | |
"z": "454f293f.10a098", | |
"name": "Debug: ISE Clear Notification", | |
"active": true, | |
"tosidebar": true, | |
"console": false, | |
"tostatus": false, | |
"complete": "payload", | |
"x": 580, | |
"y": 900, | |
"wires": [] | |
}, | |
{ | |
"id": "722d6752.477ea8", | |
"type": "change", | |
"z": "454f293f.10a098", | |
"name": "Extract IP Address from ISE Event", | |
"rules": [ | |
{ | |
"t": "set", | |
"p": "names", | |
"pt": "msg", | |
"to": "payload.ipAddress", | |
"tot": "msg" | |
} | |
], | |
"action": "", | |
"property": "", | |
"from": "", | |
"to": "", | |
"reg": false, | |
"x": 520, | |
"y": 980, | |
"wires": [ | |
[ | |
"fc1db5f3.3f4618" | |
] | |
] | |
}, | |
{ | |
"id": "60beb4e6.67beac", | |
"type": "comment", | |
"z": "454f293f.10a098", | |
"name": "Clear ePO System Tag based on Cisco ISE Clear Endpoint Policy Notification", | |
"info": "", | |
"x": 290, | |
"y": 840, | |
"wires": [] | |
}, | |
{ | |
"id": "fc1db5f3.3f4618", | |
"type": "function", | |
"z": "454f293f.10a098", | |
"name": "Collect ISE Tag Names to Clear", | |
"func": "var policyMap = flow.get(\"policyToTagMap\");\nvar keys = Object.keys(policyMap);\nmsg.payload = keys.map(function(key){\n return policyMap[key]; \n});\nreturn msg;", | |
"outputs": 1, | |
"noerr": 0, | |
"x": 850, | |
"y": 1340, | |
"wires": [ | |
[ | |
"98dc07a7.a3fda8" | |
] | |
] | |
}, | |
{ | |
"id": "98dc07a7.a3fda8", | |
"type": "split", | |
"z": "454f293f.10a098", | |
"name": "Execute for each Tag Name", | |
"splt": "\\n", | |
"spltType": "str", | |
"arraySplt": 1, | |
"arraySpltType": "len", | |
"stream": false, | |
"addname": "", | |
"x": 260, | |
"y": 1500, | |
"wires": [ | |
[ | |
"e1607375.f97fd" | |
] | |
] | |
}, | |
{ | |
"id": "e1607375.f97fd", | |
"type": "change", | |
"z": "454f293f.10a098", | |
"name": "Set Tag Name to Clear", | |
"rules": [ | |
{ | |
"t": "set", | |
"p": "tagName", | |
"pt": "msg", | |
"to": "payload", | |
"tot": "msg" | |
} | |
], | |
"action": "", | |
"property": "", | |
"from": "", | |
"to": "", | |
"reg": false, | |
"x": 340, | |
"y": 1580, | |
"wires": [ | |
[ | |
"f4184ca2.2bd89", | |
"f9e49855.aba888", | |
"8f4516f2.cbc7c8" | |
] | |
] | |
}, | |
{ | |
"id": "f9e49855.aba888", | |
"type": "debug", | |
"z": "454f293f.10a098", | |
"name": "Debug: Tag to Clear", | |
"active": true, | |
"tosidebar": true, | |
"console": false, | |
"tostatus": false, | |
"complete": "tagName", | |
"x": 620, | |
"y": 1520, | |
"wires": [] | |
}, | |
{ | |
"id": "8f4516f2.cbc7c8", | |
"type": "debug", | |
"z": "454f293f.10a098", | |
"name": "Debug: System to Clear Tag", | |
"active": true, | |
"tosidebar": true, | |
"console": false, | |
"tostatus": false, | |
"complete": "names", | |
"x": 640, | |
"y": 1480, | |
"wires": [] | |
}, | |
{ | |
"id": "30525000.94864", | |
"type": "dxl-ise-anc-apply-endpoint-policy in", | |
"z": "454f293f.10a098", | |
"name": "", | |
"client": "92f8ab5f.08f1b8", | |
"payloadType": "obj", | |
"x": 220, | |
"y": 240, | |
"wires": [ | |
[ | |
"4b4e0ddd.ebc784", | |
"808becbf.b6432" | |
] | |
] | |
}, | |
{ | |
"id": "79ef6e3b.3fdd5", | |
"type": "dxl-ise-anc-clear-endpoint-policy in", | |
"z": "454f293f.10a098", | |
"name": "", | |
"client": "92f8ab5f.08f1b8", | |
"payloadType": "obj", | |
"x": 220, | |
"y": 900, | |
"wires": [ | |
[ | |
"824b2f3b.c4cb", | |
"612d3d71.615f14" | |
] | |
] | |
}, | |
{ | |
"id": "a22897d6.bdac58", | |
"type": "dxl-epo-system-apply-tag", | |
"z": "454f293f.10a098", | |
"name": "", | |
"tagName": "", | |
"client": "92f8ab5f.08f1b8", | |
"epoUniqueId": "", | |
"returnType": "obj", | |
"x": 970, | |
"y": 540, | |
"wires": [ | |
[ | |
"94e79ef.7e98e6" | |
] | |
] | |
}, | |
{ | |
"id": "d3a40a6d.61e2d8", | |
"type": "dxl-epo-system-find", | |
"z": "454f293f.10a098", | |
"name": "", | |
"client": "92f8ab5f.08f1b8", | |
"searchNameOnly": false, | |
"epoUniqueId": "", | |
"returnType": "obj", | |
"x": 460, | |
"y": 660, | |
"wires": [ | |
[ | |
"74ea78ed.44fa38" | |
] | |
] | |
}, | |
{ | |
"id": "6b7a54f6.756f3c", | |
"type": "dxl-epo-system-find", | |
"z": "454f293f.10a098", | |
"name": "", | |
"client": "92f8ab5f.08f1b8", | |
"searchNameOnly": false, | |
"epoUniqueId": "", | |
"returnType": "obj", | |
"x": 460, | |
"y": 1260, | |
"wires": [ | |
[ | |
"dc275431.b559f8" | |
] | |
] | |
}, | |
{ | |
"id": "f4184ca2.2bd89", | |
"type": "dxl-epo-system-clear-tag", | |
"z": "454f293f.10a098", | |
"name": "", | |
"tagName": "", | |
"client": "92f8ab5f.08f1b8", | |
"epoUniqueId": "", | |
"returnType": "obj", | |
"x": 600, | |
"y": 1580, | |
"wires": [ | |
[ | |
"4a2cf3e9.47dcac" | |
] | |
] | |
}, | |
{ | |
"id": "6a9f1e60.07926", | |
"type": "config", | |
"z": "454f293f.10a098", | |
"name": "Configure: ISE Policy to ePO Tag Mapping", | |
"properties": [ | |
{ | |
"p": "policyToTagMap", | |
"pt": "flow", | |
"to": "{\"shut_down_policy\":\"ISE_shut_down_policy\",\"port_bounce_policy\":\"ISE_port_bounce_policy\",\"quarantine_policy\":\"ISE_quarantine_policy\"}", | |
"tot": "json" | |
} | |
], | |
"active": true, | |
"x": 250, | |
"y": 100, | |
"wires": [] | |
}, | |
{ | |
"id": "2500153e.3895ca", | |
"type": "comment", | |
"z": "454f293f.10a098", | |
"name": "MANDATORY STEP: Update ISE Policy to ePO Tag Mapping", | |
"info": " This node \n contains a mapping that maps between the ISE policy name and the \n corresponding tag name within ePO (see below).\n\n```javascript\n{\n \"shut_down_policy\": \"ISE_shut_down_policy\",\n \"port_bounce_policy\": \"ISE_port_bounce_policy\",\n \"quarantine_policy\": \"ISE_quarantine_policy\"\n}\n```\n\nThis mapping should be updated to reflect your Cisco ISE ANC policy names and corresponding tag\nnames within ePO. Each of the ePO tag names must be created within ePO (they \nare not automatically created).\n", | |
"x": 240, | |
"y": 60, | |
"wires": [] | |
} | |
] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment