cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1474
Views
5
Helpful
5
Replies

Endace Fusion on Cisco StealthWatch

sammausing
Level 1
Level 1

Hi Team, Is there any configuration guide for Endace integration with StealthWatch. 

May I know what are the prerequisites to achieve this integration like:

1. Stealthwatch and Endace supported version 

2. Is deploying Stealthwatch Flow Sensor Virtual on EndaceProbe is mandatory?

3. Required ports for communication

Thanks.

 

 

5 Replies 5

kyoshiik
Cisco Employee
Cisco Employee

1. I research internal and external sources, I can't find any document taking about support versions. However, endace integration is external lookup of SMC function. So it just pivots from SMC UI to endace UI with queries. And recent Youtube vide posted Apr 2020 and it looks using the latest Stealthwatch version. So theoretically, it works both the latest version.

 

2. endace told Stealthwatch needs to install probes, however, this confuses everyone. Actually this integration doesn't need to install software program into Stealthwatch, it just need to add scripts to run external lookup. Please check below document.

http://www.endace.support/cisco-stealthwatch-tech-brief.pdf

 

3. Above document said, base URL is "http://dp4.endace-demo.endace.com/vision2/pivotintovision/?datasourc es=DemoRotfile&tools=trafficOverTime_by_prot&", so this means communication port is 80. In the document end part, there are screen capture of endace and it looks no https, so I think it should use port80.

Thanks for the info. Btw I could not find EDM09-123v5 EndaceVision v2 User Guide referred in the doc.

Please contact 

info@endace.com

It will help you.

 

That document is endace property so Cisco can’t provide it.

michael.morris
Level 1
Level 1

Hello,

 

My name is Michael Morris, Director of Technology Alliances, at Endace.  I am happy to provide you with some details to your questions and certainly willing to set up a follow up call if needed (drop us an email support@endace.com and mention me) .

1. We have tested all the latest connections on Cisco Stealthwatch 7.1.0 or greater and with Endace OSM version 6.5.2 or greater.

2. It is NOT required to deploy Stealthwatch Flow Sensor Virtual on EndaceProbe to deploy the integration workflow from Stealthwatch to EndaceVision.  This is simply an option for you if you want to deploy Flow Sensors out where you have EndaceProbes.

3. The "Pivot-to-EndaceVision" communication ports is by default 443 as it is HTTPs, but this is configurable in Endace OSM7.0 which we just recently released if you want different default comms ports.

Thanks Michael,

I have got the EndaceVision user guide from Endace Sales team. We are on StealthWatch v6.10.5 and Endace v6.4. Can you confirm if Endace fusion support these versions.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: