Cisco stealthwatch is a network analysis tool built to protect your cloud assets and private network.
Connect Cisco Stealthwatch with Devo SOAR
Navigate to Automations > Integrations.
Search for Cisco Stealthwatch.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
URL: URL to your Cisco Stealthwatch instance.
API Key: The API key to connect to the Cisco Stealthwatch.
After you've entered all the details, click Connect.
Actions for Cisco Stealthwatch
List Alerts
List of alerts matching filtering criteria
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Search Column | Column name from parent table to lookup value for. | Required |
Status | Status of the alert. | Required |
Tags | Filter by tags. | Required |
Assignee | Alerts assigned only to. | Required |
Limit Results | Maximum results to return (Default: 1000, Maximum: 50000) | Required |
Get Alert
Get specific alert.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Alert ID | Column name from parent table to lookup value for. | Required |
Update Alert
Update an alert.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Alert ID | Column name from parent table to lookup value for. | Required |
Set Resolved | Set issue status. | Required |
Merit | Set merit of the alert (0, 1, 2, 3, 4, 5, 6, 8, 9). | Required |
Tags | Comma separated list of tags to add. | Required |
New Comment | Add Comment to alert. | Required |
Assigned To | Assigned to user ID. | Required |
Block IP or Domain
Block a particular IP or domain.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Domain or IP Column | Column name from parent table to lookup value for. | Required |
List Blocked Domain
List of domains that are blocked.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Search Column | Column name from parent table to lookup value for. | Required |
Limit Results | Maximum results to return (Default: 1000, Maximum: 50000). | Required |
Unblock Domain
Unblock a specific domain.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Domain ID Column | Column name from parent table to lookup value for. | Required |
List Observations
List of observations matching filtering criteria.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Search Column | Column name from parent table to lookup value for. | Required |
Observation ID | Observation ID of a specific observation. | Required |
Alert ID | Observations referenced by the alert. | Required |
Limit Results | Maximum results to return (Default: 1000, Maximum: 50000). | Required |
List Sessions
List of sessions matching filtering criteria.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
IP | Column name from parent table to lookup value for. | Required |
Connected IP | Connected to IP. | Required |
Start Time (UTC) | Sessions started after (YYYY-MM-DDTHH:MM:SSZ). | Required |
End Time (UTC) | Sessions started before (YYYY-MM-DDTHH:MM:SSZ). | Required |
Limit Results | Max results to return (Default: 1000, Maximum: 50000). | Required |
Release Notes
v2.0.0
- Updated architecture to support IO via filesystemv1.0.10
- Added documentation link in the automation library.