dc stale

Synopsis

netapi ise dc stale [OPTIONS]

Description

Find stale endpoints not seen in N days. Essential for compliance reporting, inventory cleanup, and identifying dormant or abandoned devices.

Options

Option Default Description

Option	Default	Description
`--days`, `-d`	`30`	Days since last seen
`--limit`, `-l`	`100`	Maximum results to return

--days, -d

30

Days since last seen

--limit, -l

100

Maximum results to return

Usage

# Not seen in 30 days (default)
netapi ise dc stale

# Not seen in 7 days
netapi ise dc stale --days 7

# 90+ day dormant devices
netapi ise dc stale --days 90

# Get more results
netapi ise dc stale --limit 500

# JSON for processing
netapi ise dc --format json stale

Sample Output

        Stale Endpoints (not seen in 30+ days)
┏━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━┓
┃ MAC               ┃ Hostname       ┃ IP           ┃ Policy          ┃ Last Seen           ┃
┡━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━┩
│ AA:BB:CC:11:22:33 │ old-laptop     │ -            │ Windows10-Work  │ 2025-12-15 14:30    │
│ 00:11:22:33:44:55 │ -              │ -            │ Unknown         │ 2025-12-10 09:15    │
│ DE:AD:BE:EF:00:01 │ guest-phone    │ -            │ Apple-Device    │ 2025-11-28 16:45    │
└───────────────────┴────────────────┴──────────────┴─────────────────┴─────────────────────┘

Found 3 stale endpoints

Use Cases

Compliance Reporting

#!/bin/bash
# Weekly compliance report

echo "=== Stale Endpoint Report ==="
echo "Generated: $(date)"
echo

echo "### 7-30 days stale ###"
netapi ise dc stale --days 7 --limit 50 | head -20

echo
echo "### 30-90 days stale ###"
netapi ise dc stale --days 30 --limit 50 | head -20

echo
echo "### 90+ days dormant ###"
netapi ise dc stale --days 90 --limit 50

Inventory Cleanup

# Export stale endpoints for review
netapi ise dc --format json stale --days 90 --limit 1000 | jq -r '
  ["MAC","Hostname","Policy","Last Seen"],
  (.[] | [.mac_address, .hostname, .endpoint_policy, .last_seen]) | @csv
' > stale_for_cleanup.csv

# Count by policy
netapi ise dc --format json stale --days 90 | jq '
  group_by(.endpoint_policy) |
  map({policy: .[0].endpoint_policy, count: length}) |
  sort_by(-.count)
'

Automated Cleanup Prep

#!/bin/bash
# Generate list of MACs to delete

netapi ise dc --format json stale --days 180 --limit 1000 | jq -r '
  .[] | .mac_address
' > macs_to_delete.txt

echo "Found $(wc -l < macs_to_delete.txt) endpoints for cleanup"
echo "Review before running: netapi ise delete-endpoint --force <MAC>"

Monitor for Returning Devices

# Check if "stale" devices came back
STALE=$(netapi ise dc --format json stale --days 30)
for mac in $(echo "$STALE" | jq -r '.[] | .mac_address'); do
  # Check if device has recent auth
  RECENT=$(netapi ise dc --format json auth-history "$mac" --hours 24 2>/dev/null | jq 'length')
  if [[ "$RECENT" -gt 0 ]]; then
    echo "Returned: $mac ($RECENT auths in 24h)"
  fi
done

Compliance Categories

Days Stale	Risk Level	Action
7-30	Low	Monitor - may be vacation/travel
30-90	Medium	Review - contact device owner
90+	High	Cleanup candidate - likely abandoned

Days Stale

Risk Level

Action

7-30

Low

Monitor - may be vacation/travel

30-90

Medium

Review - contact device owner

90+

High

Cleanup candidate - likely abandoned