It’s been a while since my last post. So many things going on, but I am still here:)
Working with the ISE Monitoring API, I like the option to get errors with a code/cause and how/what to check for resolution:

I was not able to find any Stealthwatch API for alarm definitions. But there is a cool guide, “Security Events and Alarm Categories {ver}”, with all the information needed.

I decided to create a kind of API and parsed the PDF into a JSON file with information about the alarms. Simple and easy to use.
- Getting the list of all alarms:
% python3 define_alarm.py --list

- Getting the list of all alarms with TCP in the name:
% python3 define_alarm.py tcp

- Getting info for a specific alarm:
% python3 define_alarm.py udp-flood
% python3 define_alarm.py "udp flood"

Also, there is an alarms.json file that is used as a source. It could be updated and modified.
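The three query styles above (full list, substring search, and a specific alarm named with either a hyphen or a space) can be resolved against a JSON source as in the following added example. It is not the code of define_alarm.py; the `name`/`description` keys, the helper names and the sample entries are assumptions, since the post does not show the schema of alarms.json.

```python
import json
import re

# Constructed sample standing in for alarms.json. The real file's schema is
# not shown in the post, so the "name"/"description" keys are assumptions.
SAMPLE_ALARMS_JSON = """
[
  {"name": "UDP Flood", "description": "constructed placeholder text"},
  {"name": "Sample TCP Alarm One", "description": "constructed placeholder text"},
  {"name": "Sample TCP Alarm Two", "description": "constructed placeholder text"}
]
"""

def slug(text):
    """Lower-case and collapse every run of non-alphanumerics into one hyphen,
    so 'udp flood', 'UDP-Flood' and 'udp_flood' all compare equal."""
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")

def load_alarms(raw):
    """Index alarm records by slug, rejecting records without a usable name."""
    index = {}
    for record in json.loads(raw):
        key = slug(str(record.get("name", "")))
        if not key:
            raise ValueError(f"alarm record without a name: {record!r}")
        index[key] = record
    return index

def list_alarms(index):
    """Equivalent of the --list query: every alarm name, sorted."""
    return sorted(r["name"] for r in index.values())

def find_alarm(index, query):
    """Return ('exact', record) when the query names one alarm, otherwise
    ('matches', [names]) for every alarm whose name contains the query."""
    key = slug(query)
    if key in index:
        return "exact", index[key]
    if not key:  # empty or punctuation-only query matches nothing
        return "matches", []
    return "matches", sorted(r["name"] for k, r in index.items() if key in k)

if __name__ == "__main__":
    alarms = load_alarms(SAMPLE_ALARMS_JSON)
    print(list_alarms(alarms))
    for q in ("tcp", "udp-flood", "udp flood"):
        print(q, "->", find_alarm(alarms, q))
```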
