Cisco Stealthwatch Enterprise

Version: 1.0.1

Cisco Stealthwatch Enterprise drastically enhances threat defence by giving detailed network visibility and security analytics.

Connect Cisco Stealthwatch Enterprise with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Cisco Stealthwatch Enterprise.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • URL: URL to your Cisco Stealthwatch Enterprise instance.
    • Username: Username for Cisco Stealthwatch Enterprise.
    • Password: Password for Cisco Stealthwatch Enterprise.
  4. After you've entered all the details, click Connect.

Actions for Cisco Stealthwatch Enterprise

Top Conversations Query

Get the Top Conversations for a specific IP in Stealthwatch.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input NameDescriptionRequired
Tenant IdJinja-templated Tenant Id of the Stealthwatch Enterprise.Required
Request DataJinja-templated text containing the properties for the Request Data in JSON format. Example {"startTime": "2022-05-18T10:21:01.000","endTime": "2022-05-18T11:21:01.000","maxRows": 50}Required

Output

A JSON object returning the status of the request.

{
    "result": [],
    "error": null,
    "has_error": false
}

Release Notes

  • v1.0.1 - Added Top Conversations Query action.

© 2017-2021 LogicHub®. All Rights Reserved.