Secure Network Analytics API Postman Samples

This repository contains sample Postman collections related to Cisco Secure Network Analytics (formerly Stealthwatch) APIs. It is available for use by the Cisco DevNet community through Code Exchange.
For more information on the Secure Network Analytics REST API, please see the following link: https://developer.cisco.com/docs/stealthwatch/enterprise

Compatibility

The minimum supported version of Secure Network Analytics (formerly Stealthwatch) that is required to use each respective API capability:

  • v6.5.0 (Host Snapshot)
  • v6.10.0 (Domains / Tenants, Top Reports, Security Events)
  • v7.0.0 (Flows, Host Groups / Tags)
  • v7.1.0 (Cognitive Intelligence Incidents)

Installation

  1. Ensure Postman is installed.
  2. Download the Postman collections and environment files.
  3. After launching Postman, click the import button and import the previously downloaded Postman files.
  4. Under the Settings/Preferences menu for Postman, ensure that "SSL certificate verification" is turned off.

Configuration

  1. Ensure the Postman collections and environment have been imported.
  2. Select the Stealthwatch Enterprise - DevNet environment from the dropdown in the top-right corner of Postman.
  3. To the right of this dropdown (in the top-right corner of Postman), click the graphic of the gear to edit the Postman environment.
  4. Please set the following fields appropriately:
    • STEALTHWATCH-SMC
    • username
    • password
    • tenant-id (optional)

Cognitive Intelligence Incidents API Configuration

The Cognitive Intelligence Incidents REST API is disabled by default. To enable the API:

  • Enable Cognitive Analytics in External Services on your Manager (formerly Stealthwatch Management Console or SMC) and Flow Collector(s).
  • Locate /lancope/tomcat/webapps/cta-events-collector/WEB-INF/classes/app.properties file on your SMC system
  • Under #CTA_ENABLED section set the cta.api.enabled option to true
  • Restart web server on your SMC system: systemctl restart lc-tomcat

(Note: The API returns CTA incidents for all domains and expects tenantId to be 0 in the API path parameter. Requesting data for any specific tenant will result in error.)

Usage

  1. From the Collections list on the left side of Postman, select the desired collection as well as the desired request to run.
  2. If necessary, modify any parameters in either the params section or the body section of the request.
  3. When ready, press the send button to run the Postman request, and view the response below.

For more information on how to use Postman, please visit https://learning.getpostman.com.

Known issues

No known issues.

Getting help

Use this project at your own risk (support not provided). If you need technical support with Cisco Stealthwatch APIs, do one of the following:

Browse the Forum

Check out our forum to pose a question or to see if any questions have already been answered by our community. We monitor these forums on a best effort basis and will periodically post answers.

Open A Case

Getting involved

Contributions to this code are welcome and appreciated. See CONTRIBUTING for details. Please adhere to our Code of Conduct at all times.

Licensing info

This code is licensed under the BSD 3-Clause License. See LICENSE for details.

View code on GitHub

Code Exchange Community

Get help, share code, and collaborate with other developers in the Code Exchange community.View Community
Disclaimer:
Cisco provides Code Exchange for convenience and informational purposes only, with no support of any kind. This page contains information and links from third-party websites that are governed by their own separate terms. Reference to a project or contributor on this page does not imply any affiliation with or endorsement by Cisco.