Secure Network Analytics API Postman Samples
This repository contains sample Postman collections related to Cisco Secure Network Analytics (formerly Stealthwatch) APIs. It is available for use by the Cisco DevNet community through Code Exchange.
For more information on the Secure Network Analytics REST API, please see the following link: https://developer.cisco.com/docs/stealthwatch/enterprise
Compatibility
The minimum supported version of Secure Network Analytics (formerly Stealthwatch) that is required to use each respective API capability:
- v6.5.0 (Host Snapshot)
- v6.10.0 (Domains / Tenants, Top Reports, Security Events)
- v7.0.0 (Flows, Host Groups / Tags)
- v7.1.0 (Cognitive Intelligence Incidents)
Installation
- Ensure Postman is installed.
- Download the Postman collections and environment files.
- After launching Postman, click the
import
button and import the previously downloaded Postman files.
- Under the Settings/Preferences menu for Postman, ensure that "SSL certificate verification" is turned off.
Configuration
- Ensure the Postman collections and environment have been imported.
- Select the
Stealthwatch Enterprise - DevNet
environment from the dropdown in the top-right corner of Postman.
- To the right of this dropdown (in the top-right corner of Postman), click the graphic of the gear to edit the Postman environment.
- Please set the following fields appropriately:
STEALTHWATCH-SMC
username
password
tenant-id
(optional)
Cognitive Intelligence Incidents API Configuration
The Cognitive Intelligence Incidents REST API is disabled by default. To enable the API:
- Enable Cognitive Analytics in External Services on your Manager (formerly Stealthwatch Management Console or SMC) and Flow Collector(s).
- Locate
/lancope/tomcat/webapps/cta-events-collector/WEB-INF/classes/app.properties
file on your SMC system
- Under
#CTA_ENABLED
section set the cta.api.enabled
option to true
- Restart web server on your SMC system:
systemctl restart lc-tomcat
(Note: The API returns CTA incidents for all domains and expects tenantId to be 0 in the API path parameter. Requesting data for any specific tenant will result in error.)
Usage
- From the Collections list on the left side of Postman, select the desired collection as well as the desired request to run.
- If necessary, modify any parameters in either the
params
section or the body
section of the request.
- When ready, press the
send
button to run the Postman request, and view the response below.
For more information on how to use Postman, please visit https://learning.getpostman.com.
Known issues
No known issues.
Getting help
Use this project at your own risk (support not provided). If you need technical support with Cisco Stealthwatch APIs, do one of the following:
Browse the Forum
Check out our forum to pose a question or to see if any questions have already been answered by our community. We monitor these forums on a best effort basis and will periodically post answers.
Open A Case
Getting involved
Contributions to this code are welcome and appreciated. See CONTRIBUTING for details. Please adhere to our Code of Conduct at all times.
Licensing info
This code is licensed under the BSD 3-Clause License. See LICENSE for details.