Hi David,
The API can be used to manage nodes externally. To get the list of nodes for a user: curl 'https://localhost:1443/api/v1/nodes/search' \ -H 'Authorization: Bearer ebb51aad4da62ab87dae7154f8ce5062d8654362f712a4f52d85116c206e6569' \ --data-raw '{"fields":["mac"],"query":{"op":"and","values":[{"op":"or","values":[{"field":"pid","op":"equals","value":"default"}]}]},"sort":["mac DESC"],"limit":25}' To deregister a list of nodes: curl 'https://localhost:1443/api/v1/nodes/bulk_deregister' \ -X 'PUT' \ -H 'Authorization: Bearer ebb51aad4da62ab87dae7154f8ce5062d8654362f712a4f52d85116c206e6569' \ --data-raw '{"items":["d3:4d:b4:c0:ff:ee"]}' More information about the API is available at https://www.packetfence.org/doc/api/ To obtain an Authorization token refer to /login and /token_info. Darren Satkunas Sr. Software Engineer [signature_3069383668] Office: +1.617.444.1234 Cell: +1.617.444.1234 Akamai Technologies 145 Broadway Cambridge, MA 02142 Connect with Us: [signature_3826658678]<https://community.akamai.com/> [signature_1375463681] <http://blogs.akamai.com/> [signature_3603380552] <https://twitter.com/akamai> [signature_4144200882] <http://www.facebook.com/AkamaiTechnologies> [signature_2223931078] <http://www.linkedin.com/company/akamai-technologies> [signature_2312383179] <http://www.youtube.com/user/akamaitechnologies?feature=results_main> From: David Herselman via PacketFence-users <packetfence-users@lists.sourceforge.net> Reply-To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net> Date: Thursday, December 22, 2022 at 8:35 AM To: "packetfence-users@lists.sourceforge.net" <packetfence-users@lists.sourceforge.net> Cc: David Herselman <d...@syrex.co> Subject: [PacketFence-users] Unregistering user's devices via API call? Hi, We have a CheckPoint firewall which has been configured to replace DNS queries to known malicious destinations with a bogus DNS trap IP, when devices then subsequently attempt to connect to that DNS trap IP a reaction script can be triggered. We are essentially looking for guidance on a web GET/POST/whatever that we could then initiate to unregister all devices associated with a given username. NB: The CheckPoint wouldn’t know the MAC address of the node involved in the abuse. To debug the event information from CheckPoint I temporarily simply made the script log all data it receives: [Expert@checkpoint-management:0]# cat $RTDIR/bin/ext_commands/block_on_clearpass #!/bin/bash EVENT=$(cat) echo $EVENT >> /tmp/block_on_clearpass Herewith a sanitised sample: [Expert@checkpoint-management:0]# tail -n 1 /tmp/block_on_clearpass (StartTime: 20Dec2022 11:10:26; Uuid: deadbeef-dead-beef-dead-beef00000000; rowid: ENdeadbeef-dead-beef-dead-beef00000000; id_generated_by_indexer: false; first: true; sequencenum: 1; log_id: 2000; DisplayName: IP_Block_from_DNS_Trap; Category: User Defined Events; cu_rule_id: DEADBEEF-DEAD-BEEF-DEAD-BEEFDEADBEEF; is_correlated: 1; num_of_updates: 0; is_last: 0; event_start_time: 1671534625; detection_time: 2022-12-20T09:10:26Z; time_interval: 60; max_num_count_detected: 2; cu_log_count: 2; cu_detected_by_hostname: checkpoint-management; cu_detected_by: 172.254.254.23; users_repetitions: 2; aba_customer: SMC User; source_repetitions: 2; origin_repetitions: 2; destination_repetitions: 2; service_repetitions: 2; Severity: High; type: Correlated; ProductName: VPN-1 & FireWall-1; product_family: Access; Destination: (hostname: laptop-joed; countryname: Israel; IP: 62.0.58.94; repetitions: 1) ; Origin: (IP: 0; hostname: redacted-fw01; repetitions: 1) ; Service: (port: 443; protocol: 6; servicename: https; repetitions: 1) ; Source: (user_name: joed; IP: 172.254.254.23; machine_name: laptop-joed; repetitions: 1) ; logid: 392281947) ; I’m essentially hoping for a way that I can unregister all nodes belonging to ‘joed’ in the above example… [cid:image009.gif@01D915E3.129A6C90]<https://urldefense.com/v3/__https:/www.syrex.com/__;!!GjvTz_vk!WOijWqEVW-lP4yvlHEocYGrjS_y0IV_5c-dgj3PDo9CcYCU1kUbAue4oi2J-GL3ypY8kRoJ84Jy1AEew2jtjtYI8PLq4EZvTyJw$> David Herselman | Managing Director e: d...@syrex.co<mailto:d...@syrex.co> | o: 086 11 79739<tel:+27117211900> | c: 082 784 7222<tel:082%20784%207222> a: turnberry office park, 48 grosvenor road, bryanston, 2021<https://urldefense.com/v3/__https:/maps.google.com/?q=Syrex__;!!GjvTz_vk!WOijWqEVW-lP4yvlHEocYGrjS_y0IV_5c-dgj3PDo9CcYCU1kUbAue4oi2J-GL3ypY8kRoJ84Jy1AEew2jtjtYI8PLq4eLyHauo$> www.syrex.com<https://urldefense.com/v3/__https:/www.syrex.com/__;!!GjvTz_vk!WOijWqEVW-lP4yvlHEocYGrjS_y0IV_5c-dgj3PDo9CcYCU1kUbAue4oi2J-GL3ypY8kRoJ84Jy1AEew2jtjtYI8PLq4EZvTyJw$> / accreditations<https://urldefense.com/v3/__https:/www.syrex.com/accreditations__;!!GjvTz_vk!WOijWqEVW-lP4yvlHEocYGrjS_y0IV_5c-dgj3PDo9CcYCU1kUbAue4oi2J-GL3ypY8kRoJ84Jy1AEew2jtjtYI8PLq4Y4vFTdc$> This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete it from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Think before you print. [cid:image010.png@01D915E3.129A6C90]<https://urldefense.com/v3/__https:/www.facebook.com/syrexsa__;!!GjvTz_vk!WOijWqEVW-lP4yvlHEocYGrjS_y0IV_5c-dgj3PDo9CcYCU1kUbAue4oi2J-GL3ypY8kRoJ84Jy1AEew2jtjtYI8PLq4EPu1IPw$> [cid:image011.png@01D915E3.129A6C90]<https://urldefense.com/v3/__https:/twitter.com/syrexsa__;!!GjvTz_vk!WOijWqEVW-lP4yvlHEocYGrjS_y0IV_5c-dgj3PDo9CcYCU1kUbAue4oi2J-GL3ypY8kRoJ84Jy1AEew2jtjtYI8PLq4f4GeApk$> [cid:image012.png@01D915E3.129A6C90]<https://urldefense.com/v3/__https:/www.linkedin.com/company/1723334__;!!GjvTz_vk!WOijWqEVW-lP4yvlHEocYGrjS_y0IV_5c-dgj3PDo9CcYCU1kUbAue4oi2J-GL3ypY8kRoJ84Jy1AEew2jtjtYI8PLq4KgBqxqM$> CHANGE OF BANKING DETAILS We have not changed our banking details recently. We will not just send an email to inform you of a change, should we ever do so.
_______________________________________________ PacketFence-users mailing list PacketFence-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-users
