Security Group Tags (SGTs)

netapi ise get-sgts
netapi ise get-sgts --size 50 --page 2
netapi ise get-sgts --format json

--size, -s INTEGER    Results per page (default: 100)
--page, -p INTEGER    Page number (default: 1)

netapi ise get-sgt --name "Employees"
netapi ise get-sgt --name "IoT_Devices"

netapi ise create-sgt "Research_Staff" 100
netapi ise create-sgt "Quarantine" 200 --description "Quarantined devices"
netapi ise create-sgt "IoT_Devices" 150 --description "Internet of Things devices"

NAME     SGT name
VALUE    SGT numeric value (avoid 0-15: reserved)

--description, -d TEXT    SGT description

0       Unknown
1       TrustSec_Devices
2-15    Cisco reserved

netapi ise update-sgt "Research_Staff" --value 101
netapi ise update-sgt "Research_Staff" --description "Updated description"
netapi ise update-sgt "Research_Staff" --name "Research_Personnel"

--name TEXT               New SGT name
--value, -v INTEGER       New SGT value
--description, -d TEXT    New description

netapi ise delete-sgt "Research_Staff"
netapi ise delete-sgt "Research_Staff" --force

--force, -f    Skip confirmation prompt

#!/bin/bash
# List all SGTs
netapi ise get-sgts

# For detailed export, use the API directly:
curl -sk "https://${ISE_PAN_IP}:${ISE_PORT}/ers/config/sgt" \
  -H "Authorization: Basic ${ISE_API_TOKEN}" \
  -H "Accept: application/json"