Cisco Stealthwatch
App Vendor: Cisco
App Category: Endpoint, Vulnerability Management
Connector Version: 1.1.0
API Version: 1.0.0
About App
The Cisco Stealthwatch solution provides enterprise-wide network visibility to detect and respond to threats in real time. The application continuously analyzes network activity to build a baseline of normal network behavior, then combines that baseline with non-signature-based advanced analytics (behavioral modeling and machine learning algorithms) and global threat intelligence to identify anomalies and detect threats.
Cisco Stealthwatch can quickly and with high confidence detect threats such as Command-and-Control (C&C) attacks, ransomware, Distributed Denial-of-Service (DDoS) attacks, illicit crypto mining, unknown malware, and insider threats.
The Cisco Stealthwatch app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
---|---|
Get Incidents | This action retrieves all the incidents of a particular tenant in the Cisco Stealthwatch application. |
Get Specific Incident | This action retrieves a specific incident by passing the tenant ID and the incident origin ID to the Cisco Stealthwatch application. |
Add IP to Tag | This action adds a particular IP address to a tag in the Cisco Stealthwatch application. |
Get Custom Host Alerts | This action retrieves alerts from custom hosts of the Cisco Stealthwatch application. |
Get External Host Alerts | This action retrieves alerts from external hosts of the Cisco Stealthwatch application. |
Get Internal Host Alerts | This action retrieves alerts from internal hosts of the Cisco Stealthwatch application. |
Get Tenant IDs | This action retrieves all tenant details from the Cisco Stealthwatch application. |
Configuration Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Base URL | Enter the URL of the host on which Cisco Stealthwatch is running. Example: "https://smcaddress/token/v2/authenticate" | Text | Required | |
Username | Enter the Stealthwatch username. Example: "johndoe" | Text | Required | |
Password | Enter the Stealthwatch password. | Password | Required | |
XSRF Token | Choose whether to require an XSRF token for additional security. Example: true | Boolean | Optional | Default value: false |
Action: Get Incidents
This action retrieves all the incidents of a particular tenant in the Cisco Stealthwatch application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID to get incidents. Example: "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8" | Text | Required | |
Example Request
[ { "tenant_id": "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8" } ]
Action: Get Specific Incident
This action retrieves a specific incident by passing the tenant ID and the incident origin ID to the Cisco Stealthwatch application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID of the incident. Example: "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8" | Text | Required | |
Incident ID | Enter the incident origin ID for the incident. Example: "eyJhbGciOxxxxxxiIsInR5cCIxxxVCJ9" | Text | Required | |
Example Request
[ { "tenant_id": "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8", "incident_id": "eyJhbGciOxxxxxxiIsInR5cCIxxxVCJ9" } ]
Action: Add IP to Tag
This action adds a particular IP address to a tag in the Cisco Stealthwatch application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID. Example: "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8" | Text | Required | |
Tag ID | Enter the tag ID to add the IP address. Example: "58c163a760bxxxxe707e8b" | Text | Required | |
IP address | Enter the IP address to add to the tag. Example: "1.1.1.1" | Text | Required | |
Example Request
[ { "tenant_id": "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8", "tag_id": "58c163a760bxxxxe707e8b", "ip_address": "1.1.1.1" } ]
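The configuration parameters above (Base URL, Username, Password, XSRF Token) and the Add IP to Tag inputs are the two places where a connector integration can go wrong silently: a session that never received an XSRF token keeps working but without its CSRF protection, and an unvalidated "IP address" field forwards whatever a playbook passed in. The following Python is an added example, not the connector's or Cisco's own code. It assumes that the Base URL is the /token/v2/authenticate endpoint shown in the table and that the username and password are posted as form fields, that the server issues the token in a cookie named XSRF-TOKEN which must be echoed back in an X-XSRF-TOKEN header (Cisco's published SMC pattern, not stated on this page), and that the action endpoint path is supplied by the caller because the page lists none. The transport is injected so the block runs offline against a constructed stand-in for the SMC.

```python
"""Added example: Stealthwatch session helper with XSRF handling and input validation.
Not the connector's own code; the SMC cookie/header names and endpoint paths are assumptions."""
import ipaddress
import json
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlencode, urlsplit

# Transport abstraction: (method, url, headers, body) -> (status, cookies set by the server,
# response body). Injecting it keeps the example runnable offline; a real deployment would
# wrap urllib.request or requests.Session here and let it parse Set-Cookie.
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]],
                     Tuple[int, Dict[str, str], bytes]]

XSRF_COOKIE = "XSRF-TOKEN"    # assumption: cookie the SMC issues on authentication
XSRF_HEADER = "X-XSRF-TOKEN"  # assumption: header the SMC expects the cookie value echoed in


def validate_id(value: str, name: str) -> str:
    """Tenant and tag IDs are opaque strings on this page; reject only empty values and
    embedded whitespace/control characters, which never belong in an identifier."""
    if not isinstance(value, str) or not value or any(c.isspace() or ord(c) < 32 for c in value):
        raise ValueError(f"{name} must be a non-empty string without whitespace")
    return value


def validate_ip_address(value: str) -> str:
    """Accept exactly one IPv4 or IPv6 host address (no CIDR ranges, no trailing junk)."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError as exc:
        raise ValueError(f"ip_address is not a valid host address: {value!r}") from exc


def build_add_ip_to_tag(tenant_id: str, tag_id: str, ip_address: str) -> List[Dict[str, str]]:
    """Build the request body in the shape of the Add IP to Tag Example Request above."""
    return [{
        "tenant_id": validate_id(tenant_id, "tenant_id"),
        "tag_id": validate_id(tag_id, "tag_id"),
        "ip_address": validate_ip_address(ip_address),
    }]


class StealthwatchSession:
    def __init__(self, base_url: str, username: str, password: str,
                 xsrf_token: bool, transport: Transport):
        self.base_url = base_url.rstrip("/")
        self.username, self.password = username, password
        self.xsrf_token = xsrf_token      # the Boolean configuration parameter
        self.transport = transport
        self.cookies: Dict[str, str] = {}

    def authenticate(self) -> bool:
        # Base URL is the /token/v2/authenticate endpoint from the configuration table;
        # form-encoded username/password follows Cisco's published SMC pattern (assumption).
        body = urlencode({"username": self.username, "password": self.password}).encode()
        status, cookies, _ = self.transport(
            "POST", self.base_url, {"Content-Type": "application/x-www-form-urlencoded"}, body)
        if status != 200:
            return False
        self.cookies = dict(cookies)
        # With XSRF Token enabled, refuse to proceed if the server issued no token: a session
        # that carried on without it would silently lose the CSRF protection it was asked for.
        if self.xsrf_token and XSRF_COOKIE not in self.cookies:
            return False
        return True

    def headers(self) -> Dict[str, str]:
        hdrs = {"Content-Type": "application/json",
                "Cookie": "; ".join(f"{k}={v}" for k, v in self.cookies.items())}
        if self.xsrf_token:
            hdrs[XSRF_HEADER] = self.cookies[XSRF_COOKIE]
        return hdrs

    def post_action(self, path: str, payload: List[Dict[str, str]]) -> Tuple[int, bytes]:
        """POST an action body to `path` on the SMC origin. The page does not list action
        endpoint paths, so the caller supplies one (hypothetical in the usage below)."""
        if not self.cookies:
            raise RuntimeError("authenticate() first")
        parts = urlsplit(self.base_url)
        url = f"{parts.scheme}://{parts.netloc}{path}"
        status, _, body = self.transport("POST", url, self.headers(), json.dumps(payload).encode())
        return status, body


def fake_transport_factory(issue_xsrf: bool = True):
    """Constructed stand-in for the SMC: records every call and issues constructed cookies
    when the authenticate endpoint is hit. Not a real Stealthwatch response."""
    calls: List[Dict[str, object]] = []

    def transport(method, url, headers, body):
        calls.append({"method": method, "url": url, "headers": headers, "body": body})
        if url.endswith("/token/v2/authenticate"):
            cookies = {"session": "constructed-session"}
            if issue_xsrf:
                cookies[XSRF_COOKIE] = "constructed-xsrf"
            return 200, cookies, b""
        return 200, {}, b'{"ok": true}'
    return transport, calls


if __name__ == "__main__":
    transport, calls = fake_transport_factory()
    session = StealthwatchSession("https://smcaddress/token/v2/authenticate",
                                  "johndoe", "constructed-password", True, transport)
    print("authenticated:", session.authenticate())
    # "/hypothetical/add-ip-to-tag" is a placeholder path, not a documented endpoint.
    print(session.post_action("/hypothetical/add-ip-to-tag",
                              build_add_ip_to_tag("tenant-1", "tag-1", "1.1.1.1")))
    print("last request headers:", calls[-1]["headers"])
```

Because the transport returns already-parsed cookies, the same class can be driven by a real HTTP client in production and by the constructed stand-in in tests; the two behaviours worth checking are that the XSRF header is present exactly when the option is on, and that malformed IP input is rejected before any request is built.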
Action: Get Custom Host Alerts
This action retrieves alerts from custom hosts of the Cisco Stealthwatch application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID. Example: "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8" | Text | Required | |
Tag ID | Enter the tag ID. Example: "58c163a760bxxxxe707e8b" | Text | Required | |
Example Request
[ { "tenant_id": "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8", "tag_id": "58c163a760bxxxxe707e8b" } ]
Action: Get External Host Alerts
This action retrieves alerts from external hosts of the Cisco Stealthwatch application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID. Example: "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8" | Text | Required | |
Tag ID | Enter the tag ID. Example: "58c163a760bxxxxe707e8b" | Text | Required | |
Example Request
[ { "tenant_id": "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8", "tag_id": "58c163a760bxxxxe707e8b" } ]
Action: Get Internal Host Alerts
This action retrieves alerts from internal hosts of the Cisco Stealthwatch application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
---|---|---|---|---|
Tenant ID | Enter the tenant ID. Example: "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8" | Text | Required | |
Tag ID | Enter the tag ID. Example: "58c163a760bxxxxe707e8b" | Text | Required | |
Example Request
[ { "tenant_id": "8xxxxx82-fxx6-4xx6-9xxx-978xxxxxx8", "tag_id": "58c163a760bxxxxe707e8b" } ]
Action: Get Tenant IDs
This action retrieves all tenant details from the Cisco Stealthwatch application.
Action Input Parameters
This action does not require any input parameters.