Cisco Stealthwatch
Version: 2.0.0
Cisco Stealthwatch is a network analysis tool built to protect your cloud assets and private network.
Connect Cisco Stealthwatch with LogicHub
- Navigate to Automations > Integrations.
- Search for Cisco Stealthwatch.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select this option to verify the connecting server's SSL certificate (default: Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- URL: URL to your Cisco Stealthwatch instance.
- API Key: The API key used to connect to Cisco Stealthwatch.
- After you've entered all the details, click Connect.
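Because the URL field can be built from Reference Values, a variable's value decides which host receives the API key. The following is an added example, not LogicHub's own template engine: it renders a template such as https://www.{{hostname}}.com and rejects any value that would change the scheme, host structure, or path. The function name and the rule that each value must be a single DNS label are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed placeholder syntax, taken from the page's {{hostname}} example.
_PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
# Assumed policy: a reference value may only be one DNS label (no dots, slashes, '@', ':').
_DNS_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def render_connection_url(template, values):
    """Substitute {{name}} placeholders and return the URL only if it stays well-formed."""

    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise ValueError(f"undefined reference value: {name}")
        value = values[name]
        if not _DNS_LABEL.fullmatch(value):
            raise ValueError(f"reference value {name!r} is not a single DNS label")
        return value

    rendered = _PLACEHOLDER.sub(substitute, template)
    parts = urlsplit(rendered)
    # The API key must only travel over TLS to a named host.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("connection URL must be an https URL with a host")
    # Credentials embedded in the URL would redirect the request's real target.
    if parts.username or parts.password:
        raise ValueError("connection URL must not contain userinfo")
    return rendered


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(render_connection_url("https://www.{{hostname}}.com", {"hostname": "example"}))
```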
Actions for Cisco Stealthwatch
List Alerts
List of alerts matching filtering criteria.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Search Column | Column name from parent table to lookup value for. | Required |
Status | Status of the alert. | Required |
Tags | Filter by tags. | Required |
Assignee | Alerts assigned only to. | Required |
Limit Results | Maximum results to return (Default: 1000, Maximum: 50000) | Required |
Get Alert
Get a specific alert.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Alert ID | Column name from parent table to lookup value for. | Required |
Update Alert
Update an alert.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Alert ID | Column name from parent table to lookup value for. | Required |
Set Resolved | Set issue status. | Required |
Merit | Set merit of the alert (0, 1, 2, 3, 4, 5, 6, 8, 9). | Required |
Tags | Comma separated list of tags to add. | Required |
New Comment | Add Comment to alert. | Required |
Assigned To | Assigned to user ID. | Required |
Block IP or Domain
Block a particular IP or domain.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Domain or IP Column | Column name from parent table to lookup value for. | Required |
List Blocked Domain
List of domains that are blocked.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Search Column | Column name from parent table to lookup value for. | Required |
Limit Results | Maximum results to return (Default: 1000, Maximum: 50000). | Required |
Unblock Domain
Unblock a specific domain.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Domain ID Column | Column name from parent table to lookup value for. | Required |
List Observations
List of observations matching filtering criteria.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Search Column | Column name from parent table to lookup value for. | Required |
Observation ID | Observation ID of a specific observation. | Required |
Alert ID | Observations referenced by the alert. | Required |
Limit Results | Maximum results to return (Default: 1000, Maximum: 50000). | Required |
List Sessions
List of sessions matching filtering criteria.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
IP | Column name from parent table to lookup value for. | Required |
Connected IP | Connected to IP. | Required |
Start Time (UTC) | Sessions started after (YYYY-MM-DDTHH:MM:SSZ). | Required |
End Time (UTC) | Sessions started before (YYYY-MM-DDTHH:MM:SSZ). | Required |
Limit Results | Max results to return (Default: 1000, Maximum: 50000). | Required |
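The List Sessions inputs above have a fixed timestamp format and a bounded result limit, so a playbook can check each parent-table row before the action runs. The following is an added example, not part of the integration: the row keys (ip, connected_ip, start_time, end_time) and the function names are assumptions, and the requirement that Start Time precede End Time is a sanity check added here.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Strict shape of YYYY-MM-DDTHH:MM:SSZ; strptime alone would accept "2024-1-5T...".
_TS = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z")
DEFAULT_LIMIT, MAX_LIMIT = 1000, 50000  # values stated in the input table


def parse_utc(value):
    """Parse a YYYY-MM-DDTHH:MM:SSZ string into a timezone-aware UTC datetime."""
    if not _TS.fullmatch(value):
        raise ValueError(f"timestamp not in YYYY-MM-DDTHH:MM:SSZ form: {value!r}")
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")  # rejects month 13, etc.
    return parsed.replace(tzinfo=timezone.utc)


def check_session_inputs(row, limit=DEFAULT_LIMIT):
    """Return normalized List Sessions inputs for one row, or raise ValueError."""
    ip = ipaddress.ip_address(row["ip"])  # raises ValueError on non-IP text
    connected = ipaddress.ip_address(row["connected_ip"])
    start, end = parse_utc(row["start_time"]), parse_utc(row["end_time"])
    if start >= end:
        raise ValueError("Start Time must be earlier than End Time")
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"Limit Results must be between 1 and {MAX_LIMIT}")
    return {
        "ip": str(ip),
        "connected_ip": str(connected),
        "start_time": start,
        "end_time": end,
        "limit": limit,
    }


# Constructed sample row (documentation address ranges), not real traffic.
SAMPLE_ROW = {
    "ip": "192.0.2.10",
    "connected_ip": "198.51.100.7",
    "start_time": "2024-01-05T00:00:00Z",
    "end_time": "2024-01-05T06:30:00Z",
}

if __name__ == "__main__":
    print(check_session_inputs(SAMPLE_ROW))
```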
Release Notes
v2.0.0
- Updated architecture to support IO via filesystem
v1.0.10
- Added documentation link in the automation library.