ISE API Shell Patterns

# ISE Deployment Nodes
netapi ise api-call openapi GET '/api/v1/deployment/node' | \
  jq -r '.response[] | "\(.hostname) - \(.roles | join(", "))"'

ise-01 - PrimaryAdmin, PrimaryMonitoring

# Policy Sets with status indicators and hit counts
echo -e "\e[1;37m  #  POLICY SET                    HITS    STATE\e[0m"
echo -e "\e[90m  ─────────────────────────────────────────────────\e[0m"
netapi ise api-call openapi GET '/api/v1/policy/network-access/policy-set' | \
  jq -r '.response[] | "\(.rank)|\(.name)|\(.hitCounts // 0)|\(.state)"' | \
  while IFS='|' read rank name hits state; do
    if [[ "$state" == "enabled" ]]; then
      printf "  \e[1;33m%d\e[0m  \e[1;36m%-28s\e[0m \e[1;32m%6s\e[0m  \e[1;32m●\e[0m\n" "$rank" "$name" "$hits"
    else
      printf "  \e[90m%d\e[0m  \e[90m%-28s\e[0m \e[90m%6s\e[0m  \e[1;31m○\e[0m\n" "$rank" "$name" "$hits"
    fi
  done

  #  POLICY SET                    HITS    STATE
  ─────────────────────────────────────────────────
  0  Domus-Wired MAB                  15  ●
  1  Domus-Wired 802.1X              103  ●
  2  Domus-Secure 802.1X             100  ●
  3  Domus-IoT iPSK                   17  ●
  4  Domus-Guest                       0  ○
  5  Default                           1  ●

# Policy Sets with enabled/disabled indicators
netapi ise api-call openapi GET '/api/v1/policy/network-access/policy-set' | \
  jq -r '.response[] | "\(.name)|\(.state)"' | while IFS='|' read name state; do
    if [[ "$state" == "enabled" ]]; then
      printf "\e[1;32m●\e[0m \e[1;36m%s\e[0m\n" "$name"
    else
      printf "\e[1;31m○\e[0m \e[90m%s\e[0m\n" "$name"
    fi
  done

● Domus-Wired MAB
● Domus-Wired 802.1X
○ Domus-Guest

# Policy Sets numbered list with colors
netapi ise api-call openapi GET '/api/v1/policy/network-access/policy-set' | \
  jq -r '.response[] | .name' | nl | while read num name; do
    printf "\e[1;33m%2d.\e[0m \e[1;36m%s\e[0m\n" "$num" "$name"
  done

# Policy Sets in a box
echo -e "\e[1;35m╭─────────────────────────────────╮\e[0m"
echo -e "\e[1;35m│\e[0m   \e[1;37mISE Policy Sets\e[0m              \e[1;35m│\e[0m"
echo -e "\e[1;35m├─────────────────────────────────┤\e[0m"
netapi ise api-call openapi GET '/api/v1/policy/network-access/policy-set' | \
  jq -r '.response[] | .name' | while read name; do
    printf "\e[1;35m│\e[0m \e[1;36m%-31s\e[0m \e[1;35m│\e[0m\n" "$name"
  done
echo -e "\e[1;35m╰─────────────────────────────────╯\e[0m"

# List all dACLs (ERS API)
netapi ise api-call ers GET '/ers/config/downloadableacl' | \
  jq -r '.SearchResult.resources[] | .name'

# List Authorization Profiles (ERS API, filtered)
netapi ise api-call ers GET '/ers/config/authorizationprofile' | \
  jq -r '.SearchResult.resources[] | select(.name | startswith("Domus") or startswith("Linux")) | .name'

# Active ISE Sessions (table output - no JSON option)
netapi ise mnt sessions

# For JSON output, use raw API call
netapi ise api-call mnt GET '/Session/ActiveList' | \
  jq -r '.activeList.activeSession[] | "\(.user_name)\t\(.calling_station_id)\t\(.nas_ip_address)"' | column -t

# Get endpoint MAC address (Linux - ISE format with dashes)
ip link show | awk '/state UP/{getline; print toupper($2)}' | tr ':' '-' | head -1

# Log command output to file while displaying
LOGFILE="/tmp/ise-validation-$(date +%Y%m%d-%H%M%S).log"
netapi ise api-call openapi GET '/api/v1/deployment/node' | tee -a "$LOGFILE" | jq '.response[].hostname'
echo "Log saved to: $LOGFILE"

# Count API results
netapi ise api-call openapi GET '/api/v1/policy/network-access/policy-set' | \
  jq '.response | length'

# Column-aligned output
netapi ise api-call openapi GET '/api/v1/deployment/node' | \
  jq -r '.response[] | "\(.hostname)\t\(.roles | join(", "))"' | \
  column -t -s$'\t'