Authentication

Before you can use the Secure Network Analytics REST API, you must authenticate. You can use the same credentials (login/password pair) that you use to log in to the Secure Network Analytics user interface to access the Secure Network Analytics REST API. If you do not have credentials, the first step is to contact your Secure Network Analytics administrator.

You authenticate by sending a POST request containing the password to Secure Network Analytics. For example, if your Cisco Secure Network Analytics Manager (formerly Stealthwatch Management Console) is at "smcaddress," the username is "jim," and the password is "password123," you can use the following cURL command to authenticate:

curl -s -k -c cookies.txt -d "username=jim&password=password123" https://smcaddress/token/v2/authenticate

Assuming the credentials are valid, the system creates a user session and returns a cookie (stealthwatch.jwt) in the file cookies.txt. You will need to reference the cookie in subsequent calls. In v7.3.2 and later, the system also returns a second cookie (XSRF-TOKEN). You will need to set an HTTPS header X-XSRF-TOKEN to the value of this cookie for all HTTPS requests (except for GET requests). For more information, refer to the Stealthwatch Release Notes v7.3.2.

NOTE: Your user session will expire after a period of 20 minutes. This is no different to user sessions initiated through logging in via the browser. To renew your session, POST the token again.