Skip to main content

List Cisco Stealthwatch Security Events

This Playbook is part of the Cisco Secure Network Analytics (Stealthwatch) Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook lists security events and returns the results to the context.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • GenericPolling

Integrations#

  • Cisco Stealthwatch

Scripts#

This playbook does not use any scripts.

Commands#

  • cisco-stealthwatch-list-security-events-results
  • cisco-stealthwatch-list-security-events-status
  • cisco-stealthwatch-list-security-events-initialize

Playbook Inputs#


NameDescriptionDefault ValueRequired
timeoutThe amount of time to wait before a timeout occurs (in minutes).600Optional
intervalPolling frequency - how often the polling command should run (in minutes).1Optional
rangeRange of results to return (e.g., 0-20).0-20Optional
tenant_idTenant ID represents the domain on Cisco Stealthwatch.102Required
time_range1 month agoRequired

Playbook Outputs#


PathDescriptionType
CiscoStealthwatch.SecurityEventResultsThe results of the search.unknown

Playbook Image#

Setup Account