Cisco Secure Workload
Visualize Cisco Secure Workload user roles and scopes, and monitor changes through queries and alerts.
- Installation
- Data Model
- Types
Installation
You will need to create a new API Key and API Secret in Cisco Secure Workload for this integration. See their documentation for more information.
Required Permissions in Cisco Secure Workload
The API credentials must have read-only access to the following resources via the OpenAPI:
- Users (
/openapi/v1/users) - to retrieve user account information - Roles (
/openapi/v1/roles) - to retrieve role definitions and permissions - Scopes (
/openapi/v1/app_scopes) - to retrieve application scope configurations - Applications (
/openapi/v1/applications) - to retrieve application definitions - Workloads (
/openapi/v1/inventory) - to retrieve workload inventory and configurations - Packages (
/openapi/v1/software/packages) - to retrieve software package information - Policies (
/openapi/v1/applications/{id}/policies) - to retrieve security policies
The integration uses HMAC-SHA256 signature authentication with API Key and Secret. Ensure the API credentials are created with Observer or Read-Only scope capabilities and no write permissions are required.
Configuration in JupiterOne
To install the Cisco Secure Workload integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Cisco Secure Workload. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
-
The Account Name used to identify the Cisco Secure Workload account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled. -
Description to assist in identifying the integration instance, if desired.
-
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration. -
Your Cisco Secure Workload API Key and API Secret.
-
The API URI for your Cisco Secure Workload dashboard.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | csw_account | Account |
| Interface | csw_interface | Application |
| Package | csw_package | CodeModule |
| Policy | csw_policy | ControlPolicy |
| Role | csw_role | AccessRole |
| Scope | csw_scope | Group |
| User | csw_user | User |
| Workload | csw_project | Project |
| Workload Finding | csw_workload_finding | Finding |
| Workload Vulnerability | csw_workload_vulnerability | Finding, Vulnerability |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
csw_account | HAS | csw_user |
csw_account | HAS | csw_role |
csw_account | HAS | csw_policy |
csw_interface | HAS | csw_scope |
csw_package | HAS | csw_workload_finding |
csw_policy | HAS | csw_scope |
csw_project | HAS | csw_interface |
csw_project | HAS | csw_package |
csw_project | HAS | csw_workload_finding |
csw_role | USES | csw_scope |
csw_scope | HAS | csw_scope |
csw_user | HAS | csw_role |
csw_user | ASSIGNED | csw_scope |
Csw Workload Finding
csw_workload_finding inherits from Finding
Csw Workload Vulnerability
csw_workload_vulnerability inherits from Finding, Vulnerability