Arbor Sightline

Version: 1.0.0

Arbor Sightline provides robust capabilities ranging from network-wide capacity planning to identifying threats to the network and managing their mitigation.

Connect Arbor Sightline with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Arbor Sightline.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default: Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • API Key: API key for Arbor Sightline. It should have all the necessary permissions.
    • Tenant: Tenant name. Example: mariner (without quotes).
  4. After you've entered all the details, click Connect.

Actions for Arbor Sightline

Fetch Alert

This action allows you to search for and retrieve XML alert information.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • limit: The maximum number of alerts to return that match the filter. (Optional)
  • Filter: Jinja-templated text containing keywords by which you want to filter search results. You can enter the same search strings that you can enter in the search box on the alerts pages in the Sightline UI. Example: 'host'. (Optional)

Output

JSON containing the following items:

{
  "result": [
    {
      "id": "4",
      "type": "DoS Host Alert",
      "is_fast_detected": false,
      "importance": "low",
      "classification": "Possible Attack",
      "device_gid": "13",
      "device_name": "T-001",
      "direction": "Incoming",
      "start": "2024-06-19T07:15:45",
      "duration": "89",
      "ongoing": true,
      "resource": {
        "cidr": "123.8",
        "ipVersion": "4",
        "managedObjects": [
          {
            "name": "SOR",
            "id": "56",
            "importance": "low"
          }
        ]
      },
      "threshold": "100000",
      "severity_pct": "55",
      "unit": "pps",
      "misuseTypes": [
        "UP"
      ],
      "annotations": [
        {
          "added": "2024-06-19T07:15:45",
          "author": "auto-annotation",
          "content": "The \"UP\" misuse type was detected by host detection at router \"S03\". (expected rate: 600.00 Mbps/50.00 Kpps, observed rate: 260.44 Mbps/54.77 Kpps)"
        }
      ],
      "max_impact_bps": "260437584",
      "max_impact_pps": "54774",
      "max_impact_boundary": "S03",
      "impact_bps_points": [
        "260437590",
        "240316767"
      ],
      "impact_pps_points": [
        "54774",
        "50462"
      ],
      "impact_recorded": [
        "1718781345",
        "1718781405"
      ]
    }
  ],
  "error": null,
  "has_error": false
}

Fetch Mitigations

This action allows you to search for and retrieve XML mitigations information.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • limit: The maximum number of alerts to return that match the filter. (Optional)
  • Filter: Jinja-templated text containing keywords by which you want to filter search results. You can enter the same search strings that you can enter in the search box on the mitigations pages in the Sightline UI. Example: 'auto-mitigation'. (Optional)

Output

JSON containing the following items:

{
  "result": [
    {
      "id": "1301",
      "type": "tms_mitigation",
      "name": "DoS Alert 2114050",
      "user": "gu",
      "ip_version": "4",
      "alert_id": "2114050",
      "prefix": "20/32",
      "is_automitigation": false,
      "is_learning": false,
      "learning_cancelled": false,
      "managed_object_id": "904",
      "managed_object_name": "IPv4-P",
      "ongoing": true,
      "duration": "11379",
      "start": "2024-06-19T04:11:40",
      "annotations": [
        {
          "added": "2024-06-19T05:14:00",
          "author": "gu",
          "content": "authentication countermeasure disabled."
        }
      ]
    }
  ],
  "error": null,
  "has_error": false
}
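The Fetch Alert and Fetch Mitigations outputs above are what a LogicHub playbook step receives. The following added example (not part of this page or of the LogicHub integration) consumes both, recomputes the alert's severity from its impact points and threshold, converts the peak impact to Mbps, and flags ongoing alerts that have no ongoing mitigation keyed by alert_id. The sample JSON is constructed to match the schemas shown on this page.

```python
import json

# Constructed samples modelled on the Fetch Alert / Fetch Mitigations outputs on this page.
ALERTS_JSON = '''{"result": [{"id": "4", "type": "DoS Host Alert", "importance": "low",
  "ongoing": true, "threshold": "100000", "severity_pct": "55", "unit": "pps",
  "max_impact_bps": "260437584", "max_impact_pps": "54774",
  "impact_bps_points": ["260437590", "240316767"],
  "impact_pps_points": ["54774", "50462"],
  "impact_recorded": ["1718781345", "1718781405"],
  "resource": {"cidr": "123.8", "ipVersion": "4"}}],
 "error": null, "has_error": false}'''

MITIGATIONS_JSON = '''{"result": [{"id": "1301", "type": "tms_mitigation",
  "alert_id": "2114050", "ongoing": true, "is_automitigation": false}],
 "error": null, "has_error": false}'''


def unwrap(action_output: str) -> list:
    """Return the 'result' list of an action output; fail loudly if has_error is set."""
    data = json.loads(action_output)
    if data.get("has_error"):
        raise RuntimeError(f"Sightline action failed: {data.get('error')}")
    return data.get("result") or []


def severity_from_points(alert: dict) -> float:
    """Recompute severity as peak observed rate over threshold, in the alert's own unit."""
    key = "impact_pps_points" if alert["unit"] == "pps" else "impact_bps_points"
    peak = max(int(p) for p in alert[key])
    return round(100.0 * peak / int(alert["threshold"]), 1)


def triage(alerts_json: str, mitigations_json: str) -> list:
    """Join alerts to ongoing mitigations by alert_id and build a triage row per alert."""
    alerts = unwrap(alerts_json)
    mitigated = {m["alert_id"] for m in unwrap(mitigations_json) if m.get("ongoing")}
    rows = []
    for a in alerts:
        rows.append({
            "alert_id": a["id"],
            "severity_pct": severity_from_points(a),     # recomputed from the points
            "reported_pct": int(a["severity_pct"]),      # as reported by Sightline
            "peak_mbps": round(int(a["max_impact_bps"]) / 1e6, 2),
            "needs_attention": bool(a["ongoing"]) and a["id"] not in mitigated,
        })
    return rows


if __name__ == "__main__":
    print(json.dumps(triage(ALERTS_JSON, MITIGATIONS_JSON), indent=2))
```

On the page's sample data the recomputed severity (54.8%) agrees with the reported 55%, and alert 4 is flagged because the only ongoing mitigation belongs to alert 2114050.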

Fetch Managed Object

This action allows you to view managed object configuration data.

Input Field

Choose a connection that you have previously created, then fill in the following input fields to run the action.

  • Filter: Jinja-templated text containing keywords by which you want to filter search results. You can enter the same search strings that you can enter in the Search box on the alerts pages in the Sightline UI. Example: 'host'. (Optional)

Output

JSON containing the following items:

{
  "result": [],
  "error": null,
  "has_error": false
}

Release Notes

  • v1.0.0 - Initial release.

© Devo Technology Inc. All Rights Reserved.