Cisco ISE workflow

Hello Community friends!

Just was wondering if anyone had ever used the following Cisco ISE action in a workflow before?

Query Endpoint

This action is used to query an endpoint for more information.

Name Type Default Required Description Enum
hostname string None True The host name None
Name Type Required Description
ers_endpoint ERSEndPoint False Returns a JSON containing information on the host

Example output:

  "ers_endpoint": {
  "id": "82e2b6d0-546b-11e8-bc94-12d1173c5b91",
  "name": "00:0E:35:D4:D8:52",
  "description": "",
  "mac": "00:0E:35:D4:D8:52",
  "profileId": "2ac6a950-8c00-11e6-996c-525400b48521",
  "staticProfileAssignment": false,
  "groupId": "aa10ae00-8bff-11e6-996c-525400b48521",
  "staticGroupAssignment": false,
  "portalUser": "",
  "identityStore": "",
  "identityStoreId": "",
  "link": {
    "rel": "self",
    "href": "",
    "type": "application/xml"

We have been working on a rogue asset procedure and setup a custom alert when a device fails to authenticate to the network. We are then trying to use the SOAR platform to query ISE for more information about the device, IE any details ISE can provide beyond the mac address and place them on the IDR investigation.

When I run our workflow in our environment, it successfully returns a url for the mac, but no other data. Should we then have to step to another plugin to read and parse the data? When I try to access the link in a web browser ISE, I just get a generic 400 error