Cisco Cyber Vision

Cisco Cyber Vision helps industrial organizations improve operational resilience by providing continuous visibility into operational technology (OT) security posture. Cisco Cyber Vision equips you with the required insights to build secure industrial networks, reduce downtime, and enforce cybersecurity policies through seamless integration with the IT security operations center. Cisco Cyber Vision enables easy deployment within an industrial network. Cisco Cyber Vision offers the following capabilities:

  • Unmatched visibility on all assets connected to the industrial network, including their detailed profiles and communication patterns.
  • Enhanced view of the OT security posture, including asset vulnerabilities, risk scores, intrusions, malicious activities, and abnormal behaviors.
  • Automated network segmentation by grouping assets into zones, and sharing this information with Cisco Secure Firewall or Cisco ISE for enforcement.
  • Reporting to help stakeholders implement security best practices and drive compliance with industry standards and regulations.
  • Extends IT security operations to OT by integrating with security, network management, or any custom tool. Cisco Cyber Vision helps provide rich context on OT assets and communication activities to help gain a unified view of both IT and OT domains.

Cisco Cyber Vision API Use Cases

The Cisco Cyber Vision API enable developers to comprehensively manage and monitor Cisco Cyber Vision data, offering robust support for network visibility, asset discovery, risk assessment, vulnerability management, and operational insights.

  1. Active Discovery
  • Manage active discovery profiles (create, list, retrieve, edit, or delete profiles).
  • Start, stop, or run active discovery scans.
  • Fetch scan results and ongoing statuses for active discovery profiles.
  • Retrieve active discovery policies.
  1. Activities
  • List activities and retrieve details between network endpoints.
  • Fetch specific activity details, including flows and tags.
  • Provide activity insights for dashboards and previews.
  1. Sensor Management
  • Retrieve sensor lists and details.
  • Manage sensors (create, delete, update settings).
  • Fetch sensor statistics and packaging files for deployment.
  1. Devices
  • List all devices and retrieve their details.
  • Fetch device-specific activities, vulnerabilities, and credentials.
  • Manage risk scores and external communications for devices.
  1. Baselines
  • Create, list, update, and delete baselines.
  • Fetch baseline differences and related properties (activities, components, variables, etc.).
  • Review and manage baseline discrepancies.
  1. Components
  • Retrieve and manage component details, vulnerabilities, and credentials.
  • Provide component insights for dashboards and previews.
  • Fetch flows, tags, and variables related to components.
  1. Groups
  • Create, list, update, and delete groups.
  • Fetch group details and manage hierarchical structures.
  1. Flows
  • List flows and retrieve flow-specific details.
  • Fetch flow properties, tags, and content.
  1. Vulnerabilities
  • List vulnerabilities and retrieve detailed information.
  • Acknowledge vulnerabilities across multiple devices.
  1. Dashboard Insights
  • Fetch real-time and cached dashboard metrics (events by category/severity, risk scores, protocol distributions, etc.).
  • Refresh dashboard data priorities as needed.
  1. Presets
  • Create, update, and delete presets for configuration and monitoring.
  • Provide preset-based previews for activities, components, flows, and vulnerabilities.
  • Retrieve preset-specific dashboard insights.
  1. Reports
  • Manage reports metadata (create, update, delete).
  • Generate and download reports.
  • Upload logos for reports.
  1. Custom Networks
  • Manage custom network settings (create, update, delete, validate).
  • Retrieve lists of configured custom networks.
  1. Global Settings
  • Manage global credentials for sensors and network devices.
  • Update and fetch system parameters.
  1. Risk Scores
  • Compute and fetch risk scores for devices and activities.
  • Manage risk score periods for computation.
  1. Tags and Labels
  • Manage tags for flows, components, and activities.
  • Add or delete custom names for components and devices.
  1. External Communications
  • Retrieve external communication details for devices and components.
  1. Others
  • Retrieve the system version and general information.
  • Fetch event categories and severities for security insights.

Cisco Cyber Vision Documentation

For more information on Cisco Cyber Vision, see the end-user documentation at https://www.cisco.com/c/en/us/support/security/cyber-vision/series.html.