Claroty CTD Connector Guide
Claroty CTD is a robust solution that delivers comprehensive cybersecurity controls for industrial environments.
User Prerequisites/Claroty CTD Setup
- This integration will only work on 4.6.2 or higher.
- Data can only be ingested into a Mixed Mode Network.
- The user must have read access to the data.
Claroty CTD Connector API Calls
- https://<your instance>/ranger/apidocs
Configuring Claroty CTD Connector in Neurons for RBVM/ASOC
Navigate to the Automate > Integrations page.
Using the search bar in the upper-right corner of the Integrations page, type Claroty to find the connector.
Locate the Claroty CTD card on the page and click Configuration.
In the new window under Connection, complete the required fields, as described below.
- Name: The connector’s name.
- URL: The URL to access Claroty CTD API https://<your instance>/
- Username: Claroty CTD user with access to the data
- Password: Claroty CTD user password
- SSL: Optional instance SSL certificate in base64 format
NOTE: In some cases, SSL Certification may return an error stating that “SSL Handshake failed”. In these cases, the user will need to choose the Disable Hostname verification option under the Optional SSL Certificate.
Choose the network into which the data will be ingested. Claroty CTD can only be ingested into a Mixed Mode network.
Click the Test Credentials button to ensure the credentials are correct and that the connector can use these credentials to make Claroty CTD API calls.
Under Schedule, you can configure the desired schedule for the connector to retrieve results from the Claroty CTD instance.
Connector-Specific Options
Users can optionally turn on Enable auto URBA (Update Remediation by Assessment).
On marking the Create Assets that do not have vulnerabilities options, the platform will create applications with zero findings. This option is selected by default, and the user can opt to turn it off.
Select Sites to Pull Data From allows the user to configure a set of specific sites that should ingest data or negate a list of sites.
Mapping Claroty CTD fields in Neurons for RBVM/ASOC
Neurons for RBVM/ASOC Tags
|
Claroty CTD Field |
RBVM Field |
Example |
|---|---|---|
|
class_type |
1:1Asset Tag Creation |
"class_type": "IT" |
|
subnet_tag |
Asset Tag |
"subnet_tag": "abq vul-security /Security", |
Common Fields in Neurons for RBVM/ASOC
|
Claroty CTD Field |
RBVM Field |
Example |
|---|---|---|
|
id |
Scanner Specific Field: Claroty Asset Id |
"id": 9357 |
|
resource_id |
Scanner Host Unique Identifier |
"resource_id": "9357-1" |
|
first_seen |
First Discovered On |
"first_seen": "2021-11-30T08:37:59+00:00" |
|
hostname |
HostName |
"hostname": "abq123efg456" |
|
site_name |
Scanner Specific Field: Claroty Site Name |
"site_name": "Site-123" |
|
ipv4 (returns a list) |
Ip Address (this should be handled as a list) |
"ipv4": [ "1x.203.x6.23" ], |
|
Ipv6 (returns a list) |
Ip (returns a list) |
No Example |
|
mac (returns a list) |
MAC Address |
"mac": [ "50:18:44:EB:4D:58" ], |
|
domain_workgroup |
Scanner Specific Field: Claroty Domain Workgroup |
"domain_workgroup": "abq123efg456.domain.com" |
|
asset_type__ |
Scanner Specific Field: Claroty Asset Type = Endpoint |
"asset_type__": "eEndpoint" |
|
class_type |
1:1Asset Tag Creation |
"class_type": "IT" |
|
model |
Operating System | Model |
"model": "DELLOSE" |
|
vendor |
Operating System | Vendor |
"vendor": "Delloe", |
|
os |
Operating System | Name |
"os": "Windows Server 2012 R2" |
|
subnet_tag |
Asset Tag |
"subnet_tag": "abq vul-security /Security", |