Cisco Stealthwatch Enterprise
Version: 2.0.0
Cisco Stealthwatch Enterprise drastically enhances threat defence by giving detailed network visibility and security analytics.
Connect Cisco Stealthwatch Enterprise with LogicHub
- Navigate to Automations > Integrations.
- Search for Cisco Stealthwatch Enterprise.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- URL: URL to your Cisco Stealthwatch Enterprise instance.
- Username: Username for Cisco Stealthwatch Enterprise.
- Password: Password for Cisco Stealthwatch Enterprise.
- After you've entered all the details, click Connect.
Actions for Cisco Stealthwatch Enterprise
Top Conversations Query
Get the Top Conversations for a specific IP in Stealthwatch.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Tenant Id | Jinja-templated Tenant Id of the Stealthwatch Enterprise. | Required |
| Request Data | Jinja-templated text containing the properties for the Request Data in JSON format. Example {"startTime": "2022-05-18T10:21:01.000","endTime": "2022-05-18T11:21:01.000","maxRows": 50} | Required |
Output
A JSON object returning the status of the request.
{
"result": [],
"error": null,
"has_error": false
}
Release Notes
v2.0.0- Updated architecture to support IO via filesystemv1.0.1- AddedTop Conversations Queryaction.
Updated about 1 year ago