Cisco Stealthwatch

Cisco Stealthwatch is a network analysis tool built to protect your cloud assets and private network.

Integration with LogicHub

Connecting with Cisco Stealthwatch

To connect to Cisco Stealthwatch, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • URL: URL to your Cisco Stealthwatch instance.
  • API Key: The API key used to connect to Cisco Stealthwatch.

Actions with Cisco Stealthwatch

List Alerts

List of alerts matching filtering criteria.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Search Column: Column name from the parent table to look up the value for.
  • Status: Status of the alert.
  • Tags: Filter by tags.
  • Assignee: Return only alerts assigned to the specified assignee.
  • Limit Results: Max results to return (Default: 1000, Maximum: 50000).

Get Alert

Get specific alert.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Alert ID: Column name from the parent table to look up the value for.

Update Alert

Update an alert.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Alert ID: Column name from the parent table to look up the value for.
  • Set Resolved: Set issue status.
  • Merit: Set merit of the alert (0, 1, 2, 3, 4, 5, 6, 8, 9).
  • Tags: Comma-separated list of tags to add.
  • New Comment: Add a comment to the alert.
  • Assigned To: Assigned to user ID.

Block IP or Domain

Block a particular IP or domain.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Domain or IP Column: Column name from the parent table to look up the value for.

List Blocked Domain

List of domains that are blocked.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Search Column: Column name from the parent table to look up the value for.
  • Limit Results: Max results to return (Default: 1000, Maximum: 50000).

Unblock Domain

Unblock a specific domain.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Domain ID Column: Column name from the parent table to look up the value for.

List Observations

List of observations matching filtering criteria.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Search Column: Column name from the parent table to look up the value for.
  • Observation ID: Observation ID of a specific observation.
  • Alert ID: Observations referenced by the alert.
  • Limit Results: Max results to return (Default: 1000, Maximum: 50000).

List Sessions

List of sessions matching filtering criteria.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • IP: Column name from the parent table to look up the value for.
  • Connected IP: Connected to IP.
  • Start Time (UTC): Sessions started after (YYYY-MM-DDTHH:MM:SSZ).
  • End Time (UTC): Sessions started before (YYYY-MM-DDTHH:MM:SSZ).
  • Limit Results: Max results to return (Default: 1000, Maximum: 50000).
