Gigamon ThreatINSIGHT
  • 24 Mar 2022

Gigamon ThreatINSIGHT is a cloud-native network detection and response (NDR) platform that provides threat activity detection and the data and context needed for cybersecurity response and investigation.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Host Name or IP Address (required, default: https://sensor.icebrg.io) - The hostname or IP address of the Gigamon ThreatINSIGHT server.
  2. API Token (required) - An API token associated with a user account that has the Required Permissions to fetch assets.
  3. Verify SSL (required, default: False) - Verify the SSL certificate offered by the value supplied in Host Name or IP Address. For more details, see SSL Trust & CA Settings.
    • If enabled, the SSL certificate offered by the value supplied in Host Name or IP Address will be verified against the CA database inside of Axonius. If the SSL certificate cannot be validated against the CA database inside of Axonius, the connection will fail with an error.
    • If disabled, the SSL certificate offered by the value supplied in Host Name or IP Address will not be verified against the CA database inside of Axonius.
  4. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Host Name or IP Address.
    • If supplied, Axonius will utilize the proxy when connecting to the value supplied in Host Name or IP Address.
    • If not supplied, Axonius will connect directly to the value supplied in Host Name or IP Address.
  5. HTTPS Proxy User Name (optional, default: empty) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
    • If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
    • If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
  6. HTTPS Proxy Password (optional, default: empty) - The password to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
    • If supplied, Axonius will authenticate with this value when connecting to the value supplied in HTTPS Proxy.
    • If not supplied, Axonius will not perform authentication when connecting to the value supplied in HTTPS Proxy.
  7. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.
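
The parameters above, checked before a connection is saved. This is an added example, not Axonius or Gigamon code: the dictionary keys, severity labels and the positive-integer check on the fetch window are assumptions made for illustration, and the sample connections are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample connections. Key names are hypothetical stand-ins for the
# parameters listed above; the token value is a placeholder.
DEFAULT_CONNECTION = {
    "host": "https://sensor.icebrg.io",
    "api_token": "<token-from-secret-store>",
    "verify_ssl": False,  # the default listed on this page
    "https_proxy": "",
    "https_proxy_username": "",
    "https_proxy_password": "",
    "fetch_last_days": 7,
}
HARDENED_CONNECTION = {**DEFAULT_CONNECTION, "verify_ssl": True}


def audit_connection(cfg):
    """Return a list of (severity, parameter, message) findings for one connection."""
    findings = []
    host = (cfg.get("host") or "").strip()
    if not host:
        findings.append(("error", "host", "required value is missing"))
    elif urlsplit(host if "://" in host else "//" + host).scheme == "http":
        findings.append(("high", "host",
                         "plain HTTP would send the API token in cleartext"))
    if not cfg.get("api_token"):
        findings.append(("error", "api_token", "required value is missing"))
    if not cfg.get("verify_ssl", False):
        # Without verification any certificate is accepted, so the token can be
        # sent to an endpoint impersonating the configured host.
        findings.append(("high", "verify_ssl",
                         "certificate is not verified against the CA database"))
    has_creds = cfg.get("https_proxy_username") or cfg.get("https_proxy_password")
    if has_creds and not cfg.get("https_proxy"):
        findings.append(("medium", "https_proxy",
                         "proxy credentials are set but no HTTPS Proxy is configured"))
    days = cfg.get("fetch_last_days")
    if isinstance(days, bool) or not isinstance(days, int) or days < 1:
        findings.append(("error", "fetch_last_days",
                         "must be a positive whole number of days"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("default", DEFAULT_CONNECTION), ("hardened", HARDENED_CONNECTION)):
        print(name, audit_connection(cfg))
```
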

Advanced Settings

Note:

Advanced settings can either apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Limit fetched data to last x days (required, default: 7) - Specify the number of days for which this adapter will fetch data.

Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Required Permissions

The value supplied in API Token must be associated with credentials that have permissions to fetch assets.

A token is required to access ThreatINSIGHT APIs. To generate a token:

  1. From the Profile Settings, select API Tokens.
  2. Under the Token section, click Create New Token. Be sure to immediately save the token in a secure location, such as a password manager, as the token will not be viewable after you close the display.

All tokens you have created will be listed in the Token section. You can delete tokens by clicking Revoke for the target token.

