External Lookup (for Stealthwatch System v6.10.0)

Similar documents
Flow Sensor and Load Balancer Integration Guide. (for Stealthwatch System v6.9.2)

Cisco CSPC 2.7x. Configure CSPC Appliance via CLI. Feb 2018

Downloading and Licensing. (for Stealthwatch System v6.9.1)

Cisco Meeting App. Cisco Meeting App (Windows) Release Notes. March 08, Cisco Systems, Inc.

Cisco Meeting App. What's new in Cisco Meeting App Version December 17

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.5

Cisco Meeting App. Release Notes. WebRTC. Version number September 27, Cisco Systems, Inc.

Cisco Meeting App. Cisco Meeting App (OS X) Release Notes. October 24, Cisco Systems, Inc.

Cisco Meeting App. Cisco Meeting App (OS X) Release Notes. July 21, 2017

Validating Service Provisioning

TechNote on Handling TLS Support with UCCX

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.6

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.2

Cisco TelePresence FindMe Cisco TMSPE version 1.2

Creating and Installing SSL Certificates (for Stealthwatch System v6.10)

Stealthwatch System v6.9.0 Internal Alarm IDs

Application Launcher User Guide

Proxy Log Configuration

Stealthwatch and Cognitive Analytics Configuration Guide (for Stealthwatch System v6.10.x)

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 5.7. User Guide July 2018

Cisco FindIT Plugin for Kaseya Quick Start Guide

Managing Device Software Images

Proxy Log Configuration

SAML SSO Okta Identity Provider 2

Cisco Unified Communications Self Care Portal User Guide, Release

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 5.0

Cisco Proximity Desktop

Migration and Upgrade: Frequently Asked Questions

Cisco Jabber IM for iphone Frequently Asked Questions

Cisco Unified Communications Self Care Portal User Guide, Release 11.5(1)

Cisco Meeting App. Cisco Meeting App (Windows) Release Notes. March 08, Cisco Systems, Inc.

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at

Cisco Meeting App. Cisco Meeting App (ios) Release Notes. October 06, 2017

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 3.1

Cisco UC Integration for Microsoft Lync 9.7(4) User Guide

Method of Procedure for HNB Gateway Configuration on Redundant Serving Nodes

Software Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches)

Troubleshooting guide

Cisco Jabber for Android 10.5 Quick Start Guide

Cisco Unified Communications Manager Device Package 8.6(2)( ) Release Notes

Cisco StadiumVision Management Dashboard Monitored Services Guide

Provisioning an OCH Network Connection

VCS BSS/OSS Adaptor (BOA) 17.2 Release Notes

Cisco Meeting Management

Wireless Clients and Users Monitoring Overview

Cisco Prime Home Device Driver Mapping Tool July 2013

Cisco Meeting Management

Cisco Expressway ENUM Dialing

CPS UDC MoP for Session Migration, Release

Cisco Meeting Management

Cisco Meeting App. User Guide. Version December Cisco Systems, Inc.

Recovery Guide for Cisco Digital Media Suite 5.4 Appliances

Cisco TelePresence TelePresence Server MSE 8710

NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6

Cisco TelePresence Supervisor MSE 8050

Cisco TelePresence MCU MSE 8510

Cisco Jabber Video for ipad Frequently Asked Questions

Cisco UCS Performance Manager Release Notes

Cisco CSPC 2.7.x. Quick Start Guide. Feb CSPC Quick Start Guide

Cisco Meeting Server. Cisco Meeting Server Release 2.0+ Multi-tenancy considerations. December 20, Cisco Systems, Inc.

Cisco Evolved Programmable Network System Test Topology Reference Guide, Release 5.0

Cisco Connected Grid Design Suite (CGDS) - Substation Workbench Designer User Guide

CC Software version 1.5.0

Cisco Meeting App. User Guide. Version December Cisco Systems, Inc.

Host Upgrade Utility User Guide for Cisco UCS E-Series Servers and the Cisco UCS E-Series Network Compute Engine

This document was written and prepared by Dale Ritchie in Cisco s Collaboration Infrastructure Business Unit (CIBU), Oslo, Norway.

Media Services Proxy Command Reference

Provisioning an Ethernet Private Line (EPL) Virtual Connection

Cisco TEO Adapter Guide for Microsoft Windows

Cisco Unified Communications Manager Device Package 10.5(1)( ) Release Notes

Wired Network Summary Data Overview

Cisco Jabber for Windows 10.6 User Guide. User Guide 4 Availability 4 Create Custom Tabs 15 Accessibility 16 Troubleshooting 20

IP Routing: ODR Configuration Guide, Cisco IOS Release 15M&T

Cisco TEO Adapter Guide for

Access Switch Device Manager Template Configuration

Cisco TelePresence IP GW MSE 8350

Cisco Terminal Services (TS) Agent Guide, Version 1.1

HTTP Errors User Guide

Cisco TelePresence Management Suite Provisioning Extension 1.6

Quantum Policy Suite Subscriber Services Portal 2.9 Interface Guide for Managers

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Cisco TelePresence Management Suite Extension for Microsoft Exchange Version 3.1

Compatibility Matrix for Cisco Unified Communications Manager and IM & Presence Service, Release 11.x

Deploying IWAN Routers

Cisco Meeting Management

Cisco Nexus 3000 Series NX-OS Verified Scalability Guide, Release 7.0(3)I7(2)

Cisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007

Cisco TelePresence Server 4.2(3.72)

Deploying Devices. Cisco Prime Infrastructure 3.1. Job Aid

Cisco Instant Connect MIDlet Reference Guide

Cisco TelePresence Management Suite 15.5

Cisco Report Server Readme

Release Notes for Cisco Unified Intelligence Center, Release 10.0(1)

Direct Upgrade Procedure for Cisco Unified Communications Manager Releases 6.1(2) 9.0(1) to 9.1(x)

Installation and Configuration Guide for Visual Voic Release 8.5

User Guide for Cisco Jabber for Mac 11.6

Cisco TelePresence Management Suite 15.4

Cisco Meeting Server. Load Balancing Calls Across Cisco Meeting Servers. White Paper. 22 January Cisco Systems, Inc.

Cisco UCS Director F5 BIG-IP Management Guide, Release 5.0

CPS UDC SNMP and Alarms Guide, Release

Transcription:

External Lookup (for Stealthwatch System v6.10.0)

Copyrights and Trademarks 2017 Cisco Systems, Inc. All rights reserved. NOTICE THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies are considered un-controlled copies and the original on-line version should be referred to for latest version. Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.

CONTENTS Contents iii Managing External Lookup 5 Configuring External Lookup 7 Why you use this page 7 How to find this page 7 What should you do on this page? 7 What should you do next? 11 Performing an External Lookup 13 Why you use this feature 13 How to use this feature 13 What should you do next? 13 Contents iii

iv Contents

1 MANAGING EXTERNAL LOOKUP The External Lookup feature allows you to launch a Web application (or internal asset database) to view additional information about an IP address. You can launch this Web application or database directly from the Stealthwatch Management Console (SMC) client interface or the SMC Web App interface. You can also use the External Lookup feature to create shortcuts that enable you to jump quickly from the SMC client interface to the SMC Web App interface. The Stealthwatch System includes the following default Web applications (lookup options) for use with the External Lookup feature; you do not have to add them to the Stealthwatch System: Cisco SenderBase DShield Host Report Some examples of Web applications that a Stealthwatch System administrator can add to view additional information about an IP address include the following: BigFix CiscoWorks Cisco Identity Services Engine (ISE) Splunk Tripwire Ziften Important: To add a non-default lookup option, you must use the External Lookup Configuration tool in the SMC Web App interface. For more information about how to do this, refer to Configuring External Lookup. 5

6

2 CONFIGURING EXTERNAL LOOKUP Why you use this page Use this page to do the following: View the lookup options you have added. Add, edit, delete, enable, or disable a lookup option. Configure the specific parameters that you want to send to a Web application. The parameters you configure are only sent if they are available for the IP address on which you are performing the lookup. Note: If you upgrade your Stealthwatch System to version 6.7 or later, any weblinks.xml that you have used with the external lookup feature will be migrated to a new format; the old weblinks.xml will no longer be used. How to find this page From the header, click the Global Settings icon and then click External Lookup Configuration. What should you do on this page? Notes: Cisco SenderBase, DShield, and Host Report are included by default for use with the External Lookup feature; you do not have to add them to the Stealthwatch System. To use any other Web application with this feature, you must add it to the Stealthwatch System. When upgrading to v6.7, for each external lookup option that you previously added, you will now have two in v.6.7. The Stealthwatch System no longer uses weblinks.xml files to manage external lookup configuration. View lookup options. Do the following as they apply: 7

Configuring External Lookup View the list of Web applications (lookup options) to determine if this list contains the lookup options you need and that they are enabled for use with the External Lookup feature. To disable a lookup option so that it is not available for use with the External Lookup feature (but to retain its configuration for later use), click Enabled in the applicable row. The button toggles to show the status of Disabled. To enable this vendor in the future, click Disabled. The button toggles to show the status of Enabled. To edit or delete a lookup option, in the Actions column, click the ellipsis to open the context menu, and then select the appropriate option. Add lookup options and configure parameters. Click Add External Lookup in the upper right corner of the External Lookup section. Refer to the following for information about configuring parameters: To view information about internal IP addresses in a Web application, ensure you select the "Enable lookup of internal IP addresses" check box. The parameters you configure appear in a Web application only if they are available for the IP address on which you are performing the lookup. You can map up to 20 query parameters for each lookup option. If you want a parameter to be required when performing a lookup using a specific Web application, select the Required check box. Every parameter you designate to be required for a specific Web application must be available for the IP address on which you are performing a lookup. If one or more of the required parameters are not available for the relevant IP address, that lookup option will not be enabled in the pop-up menu. The URL script builder file contains the script that configures the query parameters into the URL format that the Web application requires in order to run a query. If you do not upload a script builder file, the Stealthwatch System will use the default standard query parameters shown below. BaseURL?[ParameterName1]=[ParameterValue1]&[ParameterName2]= [ParameterValue2]&[ParameterName3]=[ParameterValue3] (and so on for each attribute you add) If your query parameters do not match the standard query parameters shown previously, then you must upload your customized script builder configuration. Below are some script examples to refer to when configuring a customized script builder file. URL and script examples. Example 1 The following URL and script examples are used for Web applications that use values without parameter names (e.g., Splunk). 8

Configuring External Lookup Click the following link to download a.txt file of the script shown in the previous image. Splunk script To build the script that configures the query parameters into the URL format shown previously in this example, use the Parameter Name field entry highlighted in the image below. Note: You can configure as many attributes as you need; however, ensure that you configure the same number of parameters. Example 2 9

Configuring External Lookup The following URL and script examples are used for Web applications that use rest-like parameters (e.g., Stealthwatch Host Report). Click the following link to download a.txt file of the script shown in the previous image. Stealthwatch Host Report script To build the script that configures the query parameters into the URL format shown previously in this example, use the Parameter Name field entry highlighted in the image below. 10

Configuring External Lookup What should you do next? To launch a vendor s Web application or internal asset database to view additional information about an IP address, perform an external lookup. For information about how to do this, refer to Performing an External Lookup. 11

12

3 PERFORMING AN EXTERNAL LOOKUP Why you use this feature Use this feature to query a Web application to view additional information about an IP address. How to use this feature 1. Open any page in either the SMC Web App interface or the Stealthwatch Management Console (SMC) client interface that contains the relevant IP address. 2. Do one of the following: In the SMC Web App, do one of the following to access the context menu located on most pages throughout the SMC WebApp: o o o Click the ellipsis beside the applicable IP address. Click the ellipsis in the Actions column of a data table or configuration table. Click a point in a graph. (In the Traffic by Peer Host Group graph on the Host Report page and the Top Host Groups by Traffic graph on the Host Group Report page, you must click a host group, a column, or the line between two host groups.) In the SMC client interface, right-click the relevant IP address (there are a few locations where you cannot access the External Lookup option from an IP address). 3. In the pop-up menu that appears, click External Lookup. A secondary pop-up menu appears. 4. Click the desired lookup option from the secondary pop-up menu that appears in step 3. The Web application for the lookup option you selected opens (you may be prompted to log in to the Web application) and displays the query results for the IP address on which you are performing the lookup. Every parameter you designate to be required for a specific Web application must be available for the IP address on which you are performing a lookup. If one or more of the required parameters are not available for the relevant IP address, that lookup option will not be enabled in the pop-up menu. For more information, refer to Configuring External Lookup. What should you do next? Depending on the information that is returned by the vendor, you might want to do one or more of the following: Add this IP address to a specific host group for monitoring or isolation. Flag the IP for additional research by an analyst or investigator. 13

Performing an External Lookup Launch a mitigation action against the IP address. (You must configure the Stealthwatch System so that it can do this.) 14

SW_6_10_0_Using_the_External_Lookup_DV_1_1

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback