# Claroty

Claroty provides visibility, protection, and threat detection across the Extended IoT (XIoT): OT, IoT, BMS, IoMT and more, in your environment.

## Prerequisites

This connector requires a username and a password to authenticate.

## Capabilities

This connector provides the following capabilities:

- Get Alerts
- Get Asset by Resource ID
- Get Assets
- Resolve Alerts

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | A URL to the target host | string | required |
| username | Username | string | required |
| password | Password | string | required |
| verify ssl | Verify SSL certificate | boolean | optional |
| http proxy | A proxy to route requests through | string | optional |

## Actions

### Get Alerts

Retrieves a list of alerts in CTD, with optional parameters.

- Endpoint URL: /ranger/alerts
- Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters format | string | optional | Specifies the type of response (list of fields) returned by the query. If not provided, all alert properties are returned and could affect performance |
| parameters page | number | optional | The page number to be viewed |
| parameters per page | number | optional | Number of alerts to pull on each page (the maximum is 500) |
| parameters asset id exact | string | optional | Resource ID of the asset |
| parameters asset exact | string | optional | Parameters for the get alerts action |
| parameters for asset exact | string | optional | Parameters for the get alerts action |
| parameters q exact | string | optional | Parameters for the get alerts action |
| parameters primary asset exact | string | optional | The resource ID of the primary asset that triggered the alert |
| parameters non primary assets exact | string | optional | Resource IDs of the non primary assets involved in the alert |
| parameters virtual zone exact | string | optional | The resource ID of the zone that triggered the alert |
| parameters alert id exact | string | optional | The resource ID of the alert. You can add multiple IDs |
| parameters ot alerts exact | string | optional | Returns only OT alerts |
| parameters family exact | string | optional | Model family of the asset involved in the alert, for example policy violation. Alert families appear in the advanced options filter of alerts |
| parameters story severity exact | string | optional | Parameters for the get alerts action |
| parameters id exact | number | optional | ID of an alert |
| parameters site id exact | number | optional | ID of the site on which the alert occurred |
| parameters data exact | string | optional | Parameters for the get alerts action |
| parameters description exact | string | optional | Description of the alert |
| parameters type exact | number | optional | The type of alert |
| parameters category exact | number | optional | Alert category |
| parameters severity exact | number | optional | Alert severity |
| parameters timestamp exact | string | optional | Timestamp on which the alert occurred |
| parameters last updated gte | string | optional | The timestamp when the latest change on the alert was made in the EMC |
| parameters relevant exact | boolean | optional | Parameters for the get alerts action |
| parameters resolved exact | boolean | optional | Parameters for the get alerts action |

#### Input Example

```json
{"parameters": {"format": "string", "page": 123, "per page": 123, "asset id exact": "string", "asset exact": "string", "for asset exact": "string", "q exact": "string", "primary asset exact": "string", "non primary assets exact": "string", "virtual zone exact": "string", "alert id exact": "string", "ot alerts exact": "string", "family exact": "string", "story severity exact": "string", "id exact": 123, "site id exact": 123, "data exact": "string", "description exact": "string", "type exact": 123, "category exact": 123, "severity exact": 123, "timestamp exact": "string", "last updated gte": "string", "relevant exact": true, "resolved exact": true, "resolution exact": 123, "protocol exact": "string", "score exact": 123, "is qualified exact": true, "network id exact": 123, "resolved id exact": 123, "assigned id exact": 123, "story id exact": 123, "sort": "string"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count filtered | number | Output field count filtered |
| count in page | number | Output field count in page |
| count total | number | Output field count total |
| objects | array | Output field objects |
| objects actionable assets | array | Output field objects actionable assets |
| objects actionable assets actionable id | number | Unique identifier |
| objects actionable assets asset | object | Output field objects actionable assets asset |
| objects actionable assets asset asset type | number | Type of the resource |
| objects actionable assets asset asset type | string | Type of the resource |
| objects actionable assets asset id | number | Unique identifier |
| objects actionable assets asset ipv4 | array | Output field objects actionable assets asset ipv4 |
| objects actionable assets asset name | string | Name of the resource |
| objects actionable assets asset network id | number | Unique identifier |
| objects actionable assets asset resource id | string | Unique identifier |
| objects actionable assets asset site id | number | Unique identifier |
| objects actionable assets id | number | Unique identifier |
| objects actionable assets resource id | string | Unique identifier |
| objects actionable assets role | number | Output field objects actionable assets role |
| objects actionable assets role | string | Output field objects actionable assets role |
| objects actionable assets site id | number | Unique identifier |
| objects actionable caps | array | Output field objects actionable caps |
| objects actionable caps file name | string | Name of the resource |
| objects actionable caps file | string | Output field objects actionable caps file |

#### Output Example

```json
{"status code": 200, "response headers": {"date": "wed, 13 mar 2024 15 39 22 gmt", "content type": "application/json", "content length": "8815", "connection": "keep alive", "server": "nginx", "x content type options": "nosniff", "x frame options": "sameorigin", "x xss protection": "1; mode=block", "strict transport security": "max age=31536000; includesubdomains", "content security policy": "child src 'self' app pendo io; connect src 'self' wss:// app pendo io cdn pen "}, "reason": "ok", "json body": {"count filtere
```

### Get Asset by Resource ID

Get asset by resource ID.

- Endpoint URL: /ranger/assets/{{resource id}}
- Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters resource id | string | optional | Resource ID of the asset to return |

#### Input Example

```json
{"path parameters": {"resource id": "string"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| active queries names | array | Name of the resource |
| active tasks names | array | Name of the resource |
| approved | boolean | Output field approved |
| asset type | number | Type of the resource |
| asset type | string | Type of the resource |
| children | array | Output field children |
| children file name | string | Name of the resource |
| children file | string | Output field children file |
| class type | string | Type of the resource |
| code sections | array | Output field code sections |
| code sections file name | string | Name of the resource |
| code sections file | string | Output field code sections file |
| criticality | number | Output field criticality |
| criticality | string | Output field criticality |
| custom attributes | array | Output field custom attributes |
| custom attributes file name | string | Name of the resource |
| custom attributes file | string | Output field custom attributes file |
| custom informations | array | Output field custom informations |
| custom informations category | number | Output field custom informations category |
| custom informations display key | string | Output field custom informations display key |
| custom informations key | string | Output field custom informations key |
| custom informations priority | number | Output field custom informations priority |
| custom informations type | number | Type of the resource |

#### Output Example

```json
{"status code": 200, "response headers": {"date": "wed, 13 mar 2024 15 40 52 gmt", "content type": "application/json", "content length": "1720", "connection": "keep alive", "server": "nginx", "x content type options": "nosniff", "x frame options": "sameorigin", "x xss protection": "1; mode=block", "strict transport security": "max age=31536000; includesubdomains", "content security policy": "child src 'self' app pendo io; connect src 'self' wss:// app pendo io cdn pen "}, "reason": "ok", "json body": {"active querie
```

### Get Assets

Retrieves a list of assets in CTD, with optional parameters.

- Endpoint URL: /ranger/assets
- Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters format | string | optional | Specifies the type of response (list of fields) returned by the query. If not provided, all asset properties are returned and could affect performance |
| parameters page | number | optional | The page number to be viewed |
| parameters per page | number | optional | Number of assets to pull per page (recommended maximum 500) |
| parameters ipv4 exact | string | optional | IP address of the asset in IPv4 format |
| parameters ipv6 exact | string | optional | IP address of the asset in IPv6 format |
| parameters mac icontains | string | optional | The MAC address of the device (free text) |
| parameters vlan exact | string | optional | The VLAN/s of the device |
| parameters address exact | string | optional | The IP address of this device in the network |
| parameters gateway exact | string | optional | IP of the gateway of the asset's network |
| parameters asset type exact | string | optional | CTD asset type, for example SCADA client, PLC, etc. |
| parameters host name exact | string | optional | The host name of this asset |
| parameters os exact | string | optional | The name of the operating system |
| parameters model icontains | string | optional | The model of this asset (free text) |
| parameters vendor icontains | string | optional | The vendor of this asset (free text) |
| parameters state exact | string | optional | Asset state as selected in the dropdown: 0 = training, 1 = maintenance, 2 = guest |
| parameters domain names exact | string | optional | The exact domain name(s) of the asset |
| parameters firmware exact | string | optional | The exact firmware name of the asset |
| parameters serial exact | string | optional | The exact serial number of the asset |
| parameters generic icontains | string | optional | Custom information (free text) |
| parameters display name icontains | string | optional | The name of the asset (free text) |
| parameters criticality exact | string | optional | These CTD values represent how critical the asset itself is to the operation |
| parameters old ip exact | string | optional | Previous IPs used by this asset |
| parameters protocol exact | string | optional | List of protocols used by this asset when communicating |
| parameters last seen exact | string | optional | The timestamp of the last instance when this device was seen in the network |
| parameters q icontains | string | optional | Free text for the following asset info: name, IP, version, model and MAC |

#### Input Example

```json
{"parameters": {"format": "string", "page": 123, "per page": 123, "ipv4 exact": "string", "ipv6 exact": "string", "mac icontains": "string", "vlan exact": "string", "address exact": "string", "gateway exact": "string", "asset type exact": "string", "host name exact": "example name", "os exact": "string", "model icontains": "string", "vendor icontains": "string", "state exact": "string", "domain names exact": "example name", "firmware exact": "string", "serial exact": "string", "generic icontains": "string", "display name icontains": "example name", "criticality exact": "string", "old ip exact": "string", "protocol exact": "string", "last seen exact": "string", "q icontains": "string", "alert id exact": "string", "last updated gt": "string", "baseline exact": "string", "arp baselines exact": true, "insight status exact": 123, "insights insight name exact": "example name", "insight timestamp gte": "string", "insight timestamp lte": "string", "baseline category exact": "string", "baseline access type exact": "string", "insight name exact": "example name", "insight row key exact": "string", "ghost exact": true, "tasks exact": "string", "active queries exact": "string", "subnet tag exact": "string", "custom attributes exact": "string", "class type exact": "string", "domain name exact": "example name", "involved in tags exact": "string", "hosted tags icontains": "string", "id exact": "string", "site id exact": "string", "timestamp exact": "string", "approved exact": true}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| count filtered | number | Output field count filtered |
| count in page | number | Output field count in page |
| count total | number | Output field count total |
| objects | array | Output field objects |
| objects active queries names | array | Name of the resource |
| objects active tasks names | array | Name of the resource |
| objects approved | boolean | Output field objects approved |
| objects asset type | number | Type of the resource |
| objects asset type | string | Type of the resource |
| objects children | array | Output field objects children |
| objects children file name | string | Name of the resource |
| objects children file | string | Output field objects children file |
| objects class type | string | Type of the resource |
| objects code sections | array | Output field objects code sections |
| objects code sections file name | string | Name of the resource |
| objects code sections file | string | Output field objects code sections file |
| objects criticality | number | Output field objects criticality |
| objects criticality | string | Output field objects criticality |
| objects custom attributes | array | Output field objects custom attributes |
| objects custom attributes file name | string | Name of the resource |
| objects custom attributes file | string | Output field objects custom attributes file |
| objects custom informations | array | Output field objects custom informations |
| objects custom informations category | number | Output field objects custom informations category |

#### Output Example

```json
{"status code": 200, "response headers": {"date": "wed, 13 mar 2024 15 38 30 gmt", "content type": "application/json", "transfer encoding": "chunked", "connection": "keep alive", "server": "nginx", "x content type options": "nosniff", "x frame options": "sameorigin", "x xss protection": "1; mode=block", "strict transport security": "max age=31536000; includesubdomains", "content security policy": "child src 'self' app pendo io; connect src 'self' wss:// app pendo io cdn pen ", "content encoding": "gzip"}, "reason"
```

### Resolve Alerts

Resolve alerts.

- Endpoint URL: /ranger/ranger api/resolve alerts
- Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| alert ids | array | required | Unique identifier |
| comment | string | required | Parameter for resolve alerts |

#### Input Example

```json
{"alert ids": ["269 1"], "comment": "resolved by swimlane turbine "}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| success | boolean | Whether the operation was successful |

#### Output Example

```json
{"status code": 200, "response headers": {"date": "wed, 13 mar 2024 16 40 26 gmt", "content type": "application/json", "content length": "17", "connection": "keep alive", "server": "nginx", "x content type options": "nosniff", "x frame options": "sameorigin", "x xss protection": "1; mode=block", "strict transport security": "max age=31536000; includesubdomains", "content security policy": "child src 'self' app pendo io; connect src 'self' wss:// app pendo io cdn pen "}, "reason": "ok", "json body": {"success": true}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| connection | HTTP response header connection | keep alive |
| content encoding | HTTP response header content encoding | gzip |
| content length | The length of the response body in bytes | 1720 |
| content security policy | HTTP response header content security policy | child src 'self' app pendo io; connect src 'self' wss:// app pendo io cdn pendo io pendo static 5700791337353216 storage googleapis com data pendo io content statisticsguidance claroty com data statisticsguidance claroty com; default src 'self'; font src 'self' data ; frame ancestors app pendo io; img src 'self' data app pendo io cdn pendo io pendo static 5700791337353216 storage googleapis com data pendo io content statisticsguidance claroty com data statisticsguidance claroty com; media src blob ; object src 'self'; script src 'self' 'unsafe inline' 'unsafe eval' app pendo io pendo io static storage googleapis com cdn pendo io pendo static 5700791337353216 storage googleapis com data pendo io content statisticsguidance claroty com data statisticsguidance claroty com; style src 'self' 'unsafe inline' app pendo io cdn pendo io pendo static 5700791337353216 storage googleapis com content statisticsguidance claroty com data statisticsguidance claroty com |
| content type | The media type of the resource | application/json |
| date | The date and time at which the message was originated | wed, 13 mar 2024 15 40 52 gmt |
| server | Information about the software used by the origin server | nginx |
| strict transport security | HTTP response header strict transport security | max age=31536000; includesubdomains |
| transfer encoding | HTTP response header transfer encoding | chunked |
| x content type options | HTTP response header x content type options | nosniff |
| x frame options | HTTP response header x frame options | sameorigin |
| x xss protection | HTTP response header x xss protection | 1; mode=block |
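
The paging limit on get alerts (at most 500 alerts per page) and the two required inputs of resolve alerts, as an added Python example that is not part of the connector's documentation or code. `fetch_page`, the underscored key names (`per_page`, `alert_ids`, `resource_id`, `resolved`), 1-based page numbers and the sample alerts are assumptions; the page prints field names with spaces.

```python
from typing import Callable, Dict, Iterator, List

MAX_PER_PAGE = 500  # documented maximum for "per page" on get alerts


def iter_alerts(fetch_page: Callable[[Dict], Dict], per_page: int = MAX_PER_PAGE,
                first_page: int = 1, **filters) -> Iterator[Dict]:
    """Yield every alert matching `filters`, requesting one page at a time.

    fetch_page(params) is a hypothetical stand-in for the get alerts action
    and returns the decoded JSON body. Underscored key names and 1-based
    page numbering are assumptions.
    """
    per_page = max(1, min(per_page, MAX_PER_PAGE))  # clamp to the limit
    page = first_page
    while True:
        body = fetch_page({"page": page, "per_page": per_page, **filters})
        objects = body.get("objects") or []
        yield from objects
        if len(objects) < per_page:  # short or empty page: nothing left
            return
        page += 1


def resolve_payload(alerts: List[Dict], comment: str) -> Dict:
    """Build the resolve alerts input; alert ids and comment are both required."""
    ids = [a["resource_id"] for a in alerts if not a.get("resolved")]
    if not ids or not comment.strip():
        raise ValueError("resolve alerts needs alert ids and a comment")
    return {"alert_ids": ids, "comment": comment}


# Constructed sample data: 1201 alerts, every third one already resolved.
SAMPLE = [{"resource_id": f"{i}-1", "resolved": i % 3 == 0} for i in range(1201)]


def fake_fetch(params: Dict) -> Dict:
    """Offline stand-in that pages through SAMPLE the way the API is assumed to."""
    start = (params["page"] - 1) * params["per_page"]
    return {"count_total": len(SAMPLE),
            "objects": SAMPLE[start:start + params["per_page"]]}


if __name__ == "__main__":
    alerts = list(iter_alerts(fake_fetch, per_page=10_000))
    print(len(alerts), len(resolve_payload(alerts, "triaged")["alert_ids"]))
```

Filtering out already-resolved alerts before building the payload keeps the comment trail on the Claroty side limited to alerts the playbook actually closed.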