Hi Team, Is there any configuration guide for Endace integration with StealthWatch.
May I know what are the prerequisites to achieve this integration like:
1. Stealthwatch and Endace supported version
2. Is deploying Stealthwatch Flow Sensor Virtual on EndaceProbe is mandatory?
3. Required ports for communication
1. I research internal and external sources, I can't find any document taking about support versions. However, endace integration is external lookup of SMC function. So it just pivots from SMC UI to endace UI with queries. And recent Youtube vide posted Apr 2020 and it looks using the latest Stealthwatch version. So theoretically, it works both the latest version.
2. endace told Stealthwatch needs to install probes, however, this confuses everyone. Actually this integration doesn't need to install software program into Stealthwatch, it just need to add scripts to run external lookup. Please check below document.
3. Above document said, base URL is "http://dp4.endace-demo.endace.com/vision2/pivotintovision/?datasourc es=DemoRotfile&tools=trafficOverTime_by_prot&", so this means communication port is 80. In the document end part, there are screen capture of endace and it looks no https, so I think it should use port80.
My name is Michael Morris, Director of Technology Alliances, at Endace. I am happy to provide you with some details to your questions and certainly willing to set up a follow up call if needed (drop us an email firstname.lastname@example.org and mention me) .
1. We have tested all the latest connections on Cisco Stealthwatch 7.1.0 or greater and with Endace OSM version 6.5.2 or greater.
2. It is NOT required to deploy Stealthwatch Flow Sensor Virtual on EndaceProbe to deploy the integration workflow from Stealthwatch to EndaceVision. This is simply an option for you if you want to deploy Flow Sensors out where you have EndaceProbes.
3. The "Pivot-to-EndaceVision" communication ports is by default 443 as it is HTTPs, but this is configurable in Endace OSM7.0 which we just recently released if you want different default comms ports.
I have got the EndaceVision user guide from Endace Sales team. We are on StealthWatch v6.10.5 and Endace v6.4. Can you confirm if Endace fusion support these versions.