Cisco Stealthwatch

Version: 2.0.0

Cisco Stealthwatch is a network analysis tool built to protect your cloud assets and private network.

Connect Cisco Stealthwatch with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Cisco Stealthwatch.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • URL: URL to your Cisco Stealthwatch instance.
    • API Key: The API key to connect to the Cisco Stealthwatch.
  4. After you've entered all the details, click Connect.

Actions for Cisco Stealthwatch

List Alerts

List of alerts matching filtering criteria.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name       Description                                                   Required
Search Column    Column name from parent table to lookup value for.            Required
Status           Status of the alert.                                          Required
Tags             Filter by tags.                                               Required
Assignee         Alerts assigned only to.                                      Required
Limit Results    Maximum results to return (Default: 1000, Maximum: 50000).    Required

Get Alert

Get specific alert.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name       Description                                                   Required
Alert ID         Column name from parent table to lookup value for.            Required

Update Alert

Update an alert.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name       Description                                                   Required
Alert ID         Column name from parent table to lookup value for.            Required
Set Resolved     Set issue status.                                             Required
Merit            Set merit of the alert (0, 1, 2, 3, 4, 5, 6, 8, 9).           Required
Tags             Comma separated list of tags to add.                          Required
New Comment      Add Comment to alert.                                         Required
Assigned To      Assigned to user ID.                                          Required

Block IP or Domain

Block a particular IP or domain.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name            Description                                              Required
Domain or IP Column   Column name from parent table to lookup value for.       Required

List Blocked Domain

List of domains that are blocked.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name       Description                                                   Required
Search Column    Column name from parent table to lookup value for.            Required
Limit Results    Maximum results to return (Default: 1000, Maximum: 50000).    Required

Unblock Domain

Unblock a specific domain.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name         Description                                                 Required
Domain ID Column   Column name from parent table to lookup value for.          Required

List Observations

List of observations matching filtering criteria.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name       Description                                                   Required
Search Column    Column name from parent table to lookup value for.            Required
Observation ID   Observation ID of a specific observation.                     Required
Alert ID         Observations referenced by the alert.                         Required
Limit Results    Maximum results to return (Default: 1000, Maximum: 50000).    Required

List Sessions

List of sessions matching filtering criteria.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name         Description                                                 Required
IP                 Column name from parent table to lookup value for.          Required
Connected IP       Connected to IP.                                            Required
Start Time (UTC)   Sessions started after (YYYY-MM-DDTHH:MM:SSZ).              Required
End Time (UTC)     Sessions started before (YYYY-MM-DDTHH:MM:SSZ).             Required
Limit Results      Maximum results to return (Default: 1000, Maximum: 50000).  Required

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem.
  • v1.0.10 - Added documentation link in the automation library.