Skip to main content

List Cisco Stealthwatch Security Events

This Playbook is part of the Cisco Secure Network Analytics (Stealthwatch) Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook lists security events and returns the results to the context.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • GenericPolling


  • Cisco Stealthwatch


This playbook does not use any scripts.


  • cisco-stealthwatch-list-security-events-results
  • cisco-stealthwatch-list-security-events-status
  • cisco-stealthwatch-list-security-events-initialize

Playbook Inputs#

NameDescriptionDefault ValueRequired
timeoutThe amount of time to wait before a timeout occurs (in minutes).600Optional
intervalPolling frequency - how often the polling command should run (in minutes).1Optional
rangeRange of results to return (e.g., 0-20).0-20Optional
tenant_idTenant ID represents the domain on Cisco Stealthwatch.102Required
time_range1 month agoRequired

Playbook Outputs#

CiscoStealthwatch.SecurityEventResultsThe results of the search.unknown

Playbook Image#

Setup Account