Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1644
Views
0
Helpful
1
Replies

Stealthwatch Cloud API V3 Source ID Question

Go to solution
conard.richardson
Level 1
Level 1

‎01-06-2022 01:40 PM

https://developer.cisco.com/docs/stealthwatch/cloud/#!stealthwatch-cloud-api-version-3

 

When you pull back an observation, the source id of the object is what?  I assumed it was a hostname ID, but that doesn't seem to line up.  I said that because it doesn't find the hostname for the IDs I'm feeding it.

 

I feel like I must be missing something.  What is that source id?  And how do I query to get the actual source information, like the hostname and IP address.

 

For example, given this returned observation object ID, what is that source ID 38?

 

{
"id": 9831,
"time": "2022-01-06T11:25:36Z",
"creation_time": "2022-01-06T11:25:36Z",
"source": 38,
"observation_name": "New External Server",
"resource_name": "new_external_server_observation_v2",
"end_time": "2022-01-06T11:25:36Z",
"external_ip": "91.189.91.39",
"new_tag": "WebServer",
"new_ports": "80, 443, 8000, 8080, 8443",
"bytes_in": 10111562,
"bytes_out": 392364,
"external_ip_country_code": "US",
}

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
conard.richardson
Level 1
Level 1

‎01-11-2022 02:02 PM

Got the answer.  Had to reach out through our Cisco partner contacts.  For anybody else that might come across this.  The documentation is incomplete:

 

 

This should be the id of the device that was the source of the device.

You can get the device info from https://<tenant-id>.obsrvbl.com/v2/#/device/summary/?id=<source>, where <source> is the device id you get from the observation.

 

This https://<tenant-id>.obsrvbl.com/api/v3/sources/devicesource/<source> will provide a rich set of info.

 

View solution in original post

0 Helpful
1 Reply 1

Go to solution
conard.richardson
Level 1
Level 1

‎01-11-2022 02:02 PM

Got the answer.  Had to reach out through our Cisco partner contacts.  For anybody else that might come across this.  The documentation is incomplete:

 

 

This should be the id of the device that was the source of the device.

You can get the device info from https://<tenant-id>.obsrvbl.com/v2/#/device/summary/?id=<source>, where <source> is the device id you get from the observation.

 

This https://<tenant-id>.obsrvbl.com/api/v3/sources/devicesource/<source> will provide a rich set of info.

 

0 Helpful
Customers Also Viewed These Support Documents