# Claroty
Claroty provides visibility, protection, and threat detection across the Extended IoT (XIoT) – OT, IoT, BMS, IoMT and more – in your environment.

## Prerequisites

This connector requires a username and a password to authenticate.

## Capabilities

This connector provides the following capabilities:

- Get Alerts
- Get Asset By Resource ID
- Get Assets
- Resolve Alerts

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

#### Configuration parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | Required |
| username | Username | string | Required |
| password | Password | string | Required |
| verify ssl | Verify SSL certificate | boolean | Optional |
| http proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Alerts

Retrieves a list of alerts in CTD, with optional parameters.

Endpoint URL: `/ranger/alerts`

Method: GET

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| format | string | Optional | Specifies the type of response (list of fields) returned by the query. If not provided, all alert properties are returned and could affect performance |
| page | number | Optional | The page number to be viewed |
| per page | number | Optional | Number of alerts to pull on each page (the maximum is 500) |
| asset id exact | string | Optional | Resource ID of the asset |
| asset exact | string | Optional | Parameter for Get Alerts |
| for exact | string | Optional | Parameter for Get Alerts |
| q exact | string | Optional | Parameter for Get Alerts |
| primary asset exact | string | Optional | The resource ID of the primary asset that triggered the alert |
| non primary assets exact | string | Optional | Resource IDs of the non primary assets involved in the alert |
| virtual zone exact | string | Optional | The resource ID of the zone that triggered the alert |
| alert id exact | string | Optional | The resource ID of the alert. You can add multiple IDs |
| ot alerts exact | string | Optional | Returns only OT alerts |
| family exact | string | Optional | Model family of the asset involved in the alert, for example policy violation. Alert families appear in the advanced options filter of alerts |
| story severity exact | string | Optional | Parameter for Get Alerts |
| id exact | number | Optional | ID of an alert |
| site id exact | number | Optional | ID of the site on which the alert occurred |
| data exact | string | Optional | Response data |
| description exact | string | Optional | Description of the alert |
| type exact | number | Optional | The type of alert |
| category exact | number | Optional | Alert category |
| severity exact | number | Optional | Alert severity |
| timestamp exact | string | Optional | Timestamp on which the alert occurred |
| last updated gte | string | Optional | The timestamp when the latest change on the alert was made in the EMC |
| relevant exact | boolean | Optional | Parameter for Get Alerts |
| resolved exact | boolean | Optional | Parameter for Get Alerts |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count filtered | number | Output field count filtered |
| count in page | number | Output field count in page |
| count total | number | Output field count total |
| objects | array | Output field objects |
| actionable assets | array | Output field actionable assets |
| actionable id | number | Unique identifier |
| asset | object | Output field asset |
| asset type | number | Type of the resource |
| asset type | string | Type of the resource |
| id | number | Unique identifier |
| ipv4 | array | Output field ipv4 |
| name | string | Name of the resource |
| network id | number | Unique identifier |
| resource id | string | Unique identifier |
| site id | number | Unique identifier |
| id | number | Unique identifier |
| resource id | string | Unique identifier |
| role | number | Output field role |
| role | string | Output field role |
| site id | number | Unique identifier |
| actionable caps | array | Output field actionable caps |
| file name | string | Name of the resource |
| file | string | Output field file |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "wed, 13 mar 2024 15 39 22 gmt",
      "content type": "application/json",
      "content length": "8815",
      "connection": "keep alive",
      "server": "nginx",
      "x content type options": "nosniff",
      "x frame options": "sameorigin",
      "x xss protection": "1; mode=block",
      "strict transport security": "max age=31536000; includesubdomains",
      "content security policy": "child src 'self' app pendo io; connect src 'self' wss\ // app pendo io cdn pen "
    },
    "reason": "ok",
    "json body": {
      "count filtered": 3,
      "count in page": 3,
      "count total": 3,
      "objects": []
    }
  }
]
```

### Get Asset By Resource ID

Get asset by resource ID.

Endpoint URL: `/ranger/assets/{{resource id}}`

Method: GET

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| resource id | string | Optional | Resource ID of the asset to return |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| active queries names | array | Name of the resource |
| active tasks names | array | Name of the resource |
| approved | boolean | Output field approved |
| asset type | number | Type of the resource |
| asset type | string | Type of the resource |
| children | array | Output field children |
| file name | string | Name of the resource |
| file | string | Output field file |
| class type | string | Type of the resource |
| code sections | array | Output field code sections |
| file name | string | Name of the resource |
| file | string | Output field file |
| criticality | number | Output field criticality |
| criticality | string | Output field criticality |
| custom attributes | array | Output field custom attributes |
| file name | string | Name of the resource |
| file | string | Output field file |
| custom informations | array | Output field custom informations |
| category | number | Output field category |
| display key | string | Output field display key |
| key | string | Output field key |
| priority | number | Output field priority |
| type | number | Type of the resource |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "wed, 13 mar 2024 15 40 52 gmt",
      "content type": "application/json",
      "content length": "1720",
      "connection": "keep alive",
      "server": "nginx",
      "x content type options": "nosniff",
      "x frame options": "sameorigin",
      "x xss protection": "1; mode=block",
      "strict transport security": "max age=31536000; includesubdomains",
      "content security policy": "child src 'self' app pendo io; connect src 'self' wss\ // app pendo io cdn pen "
    },
    "reason": "ok",
    "json body": {
      "active queries names": [],
      "active tasks names": [],
      "approved": true,
      "asset type": 18,
      "asset type ": "ertu",
      "children": [],
      "class type": "ot",
      "code sections": [],
      "criticality": 2,
      "criticality ": "ehigh",
      "custom attributes": [],
      "custom informations": [],
      "default gateway": null,
      "display name": "sel 4 1",
      "domain workgroup": null
    }
  }
]
```

### Get Assets

Retrieve a list of assets in CTD, with optional parameters.

Endpoint URL: `/ranger/assets`

Method: GET

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| format | string | Optional | Specifies the type of response (list of fields) returned by the query. If not provided, all asset properties are returned and could affect performance |
| page | number | Optional | The page number to be viewed |
| per page | number | Optional | Number of assets to pull per page (recommended maximum 500) |
| ipv4 exact | string | Optional | IP address of the asset in IPv4 format |
| ipv6 exact | string | Optional | IP address of the asset in IPv6 format |
| mac icontains | string | Optional | The MAC address of the device (free text) |
| vlan exact | string | Optional | The VLAN/s of the device |
| address exact | string | Optional | The IP address of this device in the network |
| gateway exact | string | Optional | IP of the gateway of the asset's network |
| asset type exact | string | Optional | CTD asset type, for example SCADA client, PLC, etc. |
| host name exact | string | Optional | The host name of this asset |
| os exact | string | Optional | The name of the operating system |
| model icontains | string | Optional | The model of this asset (free text) |
| vendor icontains | string | Optional | The vendor of this asset (free text) |
| state exact | string | Optional | Asset state as selected in the dropdown: 0 = training, 1 = maintenance, 2 = guest |
| domain names exact | string | Optional | The exact domain name(s) of the asset |
| firmware exact | string | Optional | The exact firmware name of the asset |
| serial exact | string | Optional | The exact serial number of the asset |
| generic icontains | string | Optional | Custom information (free text) |
| display name icontains | string | Optional | The name of the asset (free text) |
| criticality exact | string | Optional | These CTD values represent how critical the asset itself is to the operation |
| old ip exact | string | Optional | Previous IPs used by this asset |
| protocol exact | string | Optional | List of protocols used by this asset when communicating |
| last seen exact | string | Optional | The timestamp of the last instance when this device was seen in the network |
| q icontains | string | Optional | Free text for the following asset info: name, IP, version, model and MAC |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count filtered | number | Output field count filtered |
| count in page | number | Output field count in page |
| count total | number | Output field count total |
| objects | array | Output field objects |
| active queries names | array | Name of the resource |
| active tasks names | array | Name of the resource |
| approved | boolean | Output field approved |
| asset type | number | Type of the resource |
| asset type | string | Type of the resource |
| children | array | Output field children |
| file name | string | Name of the resource |
| file | string | Output field file |
| class type | string | Type of the resource |
| code sections | array | Output field code sections |
| file name | string | Name of the resource |
| file | string | Output field file |
| criticality | number | Output field criticality |
| criticality | string | Output field criticality |
| custom attributes | array | Output field custom attributes |
| file name | string | Name of the resource |
| file | string | Output field file |
| custom informations | array | Output field custom informations |
| category | number | Output field category |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "wed, 13 mar 2024 15 38 30 gmt",
      "content type": "application/json",
      "transfer encoding": "chunked",
      "connection": "keep alive",
      "server": "nginx",
      "x content type options": "nosniff",
      "x frame options": "sameorigin",
      "x xss protection": "1; mode=block",
      "strict transport security": "max age=31536000; includesubdomains",
      "content security policy": "child src 'self' app pendo io; connect src 'self' wss\ // app pendo io cdn pen ",
      "content encoding": "gzip"
    },
    "reason": "ok",
    "json body": {
      "count filtered": 114,
      "count in page": 10,
      "count total": 114,
      "objects": []
    }
  }
]
```

### Resolve Alerts

Resolve alerts.

Endpoint URL: `/ranger/ranger api/resolve alerts`

Method: POST

#### Input

| Argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alert ids | array | Required | Unique identifier |
| comment | string | Required | Parameter for Resolve Alerts |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |

#### Example

```json
[
  {
    "status code": 200,
    "response headers": {
      "date": "wed, 13 mar 2024 16 40 26 gmt",
      "content type": "application/json",
      "content length": "17",
      "connection": "keep alive",
      "server": "nginx",
      "x content type options": "nosniff",
      "x frame options": "sameorigin",
      "x xss protection": "1; mode=block",
      "strict transport security": "max age=31536000; includesubdomains",
      "content security policy": "child src 'self' app pendo io; connect src 'self' wss\ // app pendo io cdn pen "
    },
    "reason": "ok",
    "json body": {
      "success": true
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| connection | HTTP response header connection | keep alive |
| content encoding | HTTP response header content encoding | gzip |
| content length | The length of the response body in bytes | 1720 |
| content security policy | HTTP response header content security policy | child src 'self' app pendo io; connect src 'self' wss\ // app pendo io cdn pendo io pendo static 5700791337353216 storage googleapis com data pendo io content statisticsguidance claroty com data statisticsguidance claroty com; default src 'self'; font src 'self' data ; frame ancestors app pendo io; img src 'self' data app pendo io cdn pendo io pendo static 5700791337353216 storage googleapis com data pendo io content statisticsguidance claroty com data statisticsguidance claroty com; media src blob ; object src 'self'; script src 'self' 'unsafe inline' 'unsafe eval' app pendo io pendo io static storage googleapis com cdn pendo io pendo static 5700791337353216 storage googleapis com data pendo io content statisticsguidance claroty com data statisticsguidance claroty com; style src 'self' 'unsafe inline' app pendo io cdn pendo io pendo static 5700791337353216 storage googleapis com content statisticsguidance claroty com data statisticsguidance claroty com |
| content type | The media type of the resource | application/json |
| date | The date and time at which the message was originated | wed, 13 mar 2024 15 40 52 gmt |
| server | Information about the software used by the origin server | nginx |
| strict transport security | HTTP response header strict transport security | max age=31536000; includesubdomains |
| transfer encoding | HTTP response header transfer encoding | chunked |
| x content type options | HTTP response header x content type options | nosniff |
| x frame options | HTTP response header x frame options | sameorigin |
| x xss protection | HTTP response header x xss protection | 1; mode=block |