Cisco Stealthwatch

Cisco Stealthwatch is an agentless malware detection solution that provides visibility and network traffic security analytics across the extended network, including endpoints, branch, data center, and cloud.

Types of Assets Fetched

This adapter fetches the following types of assets:

• Devices
  
  

Parameters

1. Cisco SMC Hostname (required) - The hostname or IP address of the Cisco SMC server.

2. Tenant identifier (required) - Specify the Tenant ID. Tenant ID is the suffix of domain_[TENANT_ID] that can be found when you run the following command on the Cisco SMC server:

   ls -lsa /lancope/var/smc/config/
   

   Note: Only the tenant identifier numbers themselves need to be entered into the field.

3. User Name and Password (required) - The credentials for a user account that has the Required Permissions to fetch assets.

4. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

6. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

APIs

Axonius uses Stealthwatch Enterprise REST API Documentation.

Required Ports

HTTPS communication is required between Axonius and the Cisco SMC server.

Required Permissions

The value supplied in User Name must be a read-only user. The user should have access to Cisco Stealthwatch SMC (Management Center) with permissions to view exporters.

Version Matrix

This adapter has only been tested with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.