dc threats

Synopsis

netapi ise dc threats [OPTIONS]

Description

Get threat events from ISE Threat-Centric NAC. The events come from threat intelligence feeds (AMP, Qualys, Rapid7, etc.).

Options

Option          Default  Description
--hours, -h     24       Hours to look back
--limit, -l     50       Maximum records to return
--severity, -s  (none)   Filter by severity (e.g., HIGH, CRITICAL)

Usage

# Last 24 hours (default)
netapi ise dc threats

# High severity only
netapi ise dc threats --severity HIGH

# Last week
netapi ise dc threats --hours 168

# Critical threats
netapi ise dc threats --severity CRITICAL --hours 168

Sample Output

Threat Events (last 24h)
──────────────────────────────────────────────────────────────────────────────
Time                 Severity  Title                   MAC                IP           Vendor
──────────────────────────────────────────────────────────────────────────────
2026-01-23 10:43:21  HIGH      Malware detected        3C:EC:EF:43:50:42  10.50.10.50  AMP
2026-01-23 10:41:08  MEDIUM    Vulnerability found     70:15:FB:F8:47:EC  10.50.10.51  Qualys

Use Cases

Daily Security Check

# High/Critical threats in last 24h
netapi ise dc threats --severity HIGH
netapi ise dc threats --severity CRITICAL

Incident Response

# All threat events, JSON for processing
netapi ise dc --format json threats --hours 48 | jq '.[] | select(.severity == "HIGH")'
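
The incident-response pipeline above selects one severity level per run; this added example (not part of netapi or its documentation) groups the JSON events per endpoint at or above a threshold, so repeat offenders surface first. Only the "severity" key appears on this page; the other keys (time, title, mac, ip, vendor), the LOW level, and the sample records are assumptions modelled on the Sample Output columns.

```python
import json
import sys
from collections import defaultdict

# Ranking for threshold comparison. LOW is an assumed level, not shown on the page.
RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
UNKNOWN = 5  # unrecognised labels are surfaced for review, never silently dropped

# Constructed sample input; key names other than "severity" are assumptions.
SAMPLE = """[
 {"time": "2026-01-23 10:43:21", "severity": "HIGH", "title": "Malware detected", "mac": "3C:EC:EF:43:50:42", "ip": "10.50.10.50", "vendor": "AMP"},
 {"time": "2026-01-23 10:41:08", "severity": "MEDIUM", "title": "Vulnerability found", "mac": "70:15:FB:F8:47:EC", "ip": "10.50.10.51", "vendor": "Qualys"},
 {"time": "2026-01-23 09:12:00", "severity": "CRITICAL", "title": "Vulnerability found", "mac": "3c:ec:ef:43:50:42", "ip": "10.50.10.50", "vendor": "Rapid7"},
 {"time": "2026-01-23 08:05:30", "severity": "HIGH", "title": "Malware detected", "mac": "AA:BB:CC:00:11:22", "ip": "10.50.10.60", "vendor": "AMP"}
]"""

def triage(events, min_severity="HIGH"):
    """Group events at or above min_severity by endpoint, worst endpoint first."""
    floor = RANK[min_severity.upper()]
    by_endpoint = defaultdict(list)
    for ev in events:
        sev = str(ev.get("severity", "")).upper()
        rank = RANK.get(sev, UNKNOWN)
        # Key on MAC (case-normalised); fall back to IP so no event is lost.
        endpoint = str(ev.get("mac") or ev.get("ip") or "unknown").upper()
        if rank >= floor:
            by_endpoint[endpoint].append((rank, sev, ev))
    rows = []
    for endpoint, hits in by_endpoint.items():
        worst = max(hits, key=lambda h: h[0])
        rows.append({
            "endpoint": endpoint,
            "worst": worst[1],
            "events": len(hits),
            "vendors": sorted({h[2].get("vendor", "?") for h in hits}),
            "last_seen": max(h[2].get("time", "") for h in hits),
            "rank": worst[0],
        })
    rows.sort(key=lambda r: (-r["rank"], -r["events"], r["endpoint"]))
    return rows

if __name__ == "__main__":
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for row in triage(json.loads(raw)):
        print(f'{row["endpoint"]}  {row["worst"]:<8}  {row["events"]} event(s)  '
              f'{",".join(row["vendors"])}  last {row["last_seen"]}')
```

Saved under a hypothetical name such as triage.py, it reads the output of `netapi ise dc --format json threats --hours 48` from standard input and falls back to the constructed sample when run without a pipe.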

See Also

  • coa-events - Quarantine actions taken

  • anc - Apply quarantine policies