Claroty CTD Connector Guide

Claroty CTD is a robust solution that delivers comprehensive cybersecurity controls for industrial environments.

User Prerequisites/Claroty CTD Setup

  • This integration only works with version 4.6.2 or higher.
  • Data can only be ingested into a Mixed Mode Network.
  • The user must have read access to the data.

Claroty CTD Connector API Calls

  • https://<your instance>/ranger/apidocs

Configuring Claroty CTD Connector in Neurons for RBVM/ASPM

Navigate to the Automate > Integrations page.

Using the search bar in the upper-right corner of the Integrations page, type Claroty to find the connector.

Locate the Claroty CTD card on the page and click Configuration.

In the new window under Connection, complete the required fields, as described below.

  • Name: The connector’s name.
  • URL: The URL used to access the Claroty CTD API, in the form https://<your instance>/
  • Username: Claroty CTD user with access to the data
  • Password: Claroty CTD user password
  • SSL: Optional instance SSL certificate in base64 format

NOTE: In some cases, the SSL certificate check may return an error stating that “SSL Handshake failed”. In these cases, the user will need to select the Disable Hostname verification option under the Optional SSL Certificate.
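Before disabling hostname verification, it is worth confirming whether the certificate actually lists the host entered in the URL field. The script below is an added example, not code from Claroty or from the connector; it assumes OpenSSL 1.1.1 or later, a certificate saved as a PEM file, and that the handshake error stems from a name mismatch. All host and file names are placeholders.

```shell
#!/bin/sh
# Added example (not vendor code). Assumes OpenSSL 1.1.1+ and a certificate
# saved as a PEM file; every host and file name below is a placeholder.

# url_host URL: print the host part of https://host[:port]/path (DNS names
# only, not IPv6 literals).
url_host() (
  rest="${1#*://}"              # drop the scheme
  rest="${rest%%/*}"            # drop the path
  printf '%s\n' "${rest%%:*}"   # drop the port
)

# cert_covers_host CERT_PEM HOST: succeed only if the certificate's SAN/CN
# entries match HOST. The verdict is read from the output text rather than
# from the exit status of the openssl command.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# cert_names CERT_PEM: print subject and subjectAltName for manual review.
cert_names() {
  openssl x509 -in "$1" -noout -subject -ext subjectAltName 2>/dev/null
}

# check_connector_cert CERT_PEM URL: report whether the certificate is valid
# for the host in the connector's URL field; return 1 on mismatch.
check_connector_cert() {
  host="$(url_host "$2")"
  if cert_covers_host "$1" "$host"; then
    echo "OK: certificate covers $host"
  else
    echo "MISMATCH: certificate does not cover $host. Names it does cover:"
    cert_names "$1"
    return 1
  fi
}

# make_sample_cert DIR NAME: write a constructed, throwaway self-signed
# certificate for NAME to DIR/cert.pem so the checks can be tried offline.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/key.pem" -out "$1/cert.pem" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
}

# Usage: sh check_cert.sh cert.pem https://ctd.example.internal/
if [ "$#" -eq 2 ]; then check_connector_cert "$1" "$2"; fi
```

A MISMATCH result means the name in the URL field is not one the certificate was issued for; using a name the certificate does list, or reissuing the certificate, keeps hostname verification enabled.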

Choose the network into which the data will be ingested. Claroty CTD data can only be ingested into a Mixed Mode network.

Click the Test Credentials button to ensure the credentials are correct and that the connector can use these credentials to make Claroty CTD API calls.

Under Schedule, you can configure the desired schedule for the connector to retrieve results from the Claroty CTD instance.

Connector-Specific Options

Users can optionally turn on Enable auto URBA (Update Remediation by Assessment).

When the Create Assets that do not have vulnerabilities option is selected, the platform creates applications with zero findings. This option is selected by default, and the user can opt to turn it off.

The Select Sites to Pull Data From option lets the user specify a set of sites from which data should be ingested, or a list of sites to exclude.

Mapping Claroty CTD fields in Neurons for RBVM/ASPM

Neurons for RBVM/ASPM Tags

| Claroty CTD Field | RBVM Field | Example |
|---|---|---|
| class_type | 1:1 Asset Tag Creation | "class_type": "IT" |
| subnet_tag | Asset Tag | "subnet_tag": "abq vul-security /Security", |

Common Fields in Neurons for RBVM/ASPM

| Claroty CTD Field | RBVM Field | Example |
|---|---|---|
| id | Scanner Specific Field: Claroty Asset Id | "id": 9357 |
| resource_id | Scanner Host Unique Identifier | "resource_id": "9357-1" |
| first_seen | First Discovered On | "first_seen": "2021-11-30T08:37:59+00:00" |
| hostname | HostName | "hostname": "abq123efg456" |
| site_name | Scanner Specific Field: Claroty Site Name | "site_name": "Site-123" |
| ipv4 (returns a list) | Ip Address (this should be handled as a list) | "ipv4": [ "1x.203.x6.23" ], |
| Ipv6 (returns a list) | Ip (returns a list) | No Example |
| mac (returns a list) | MAC Address | "mac": [ "50:18:44:EB:4D:58" ], |
| domain_workgroup | Scanner Specific Field: Claroty Domain Workgroup | "domain_workgroup": "abq123efg456.domain.com" |
| asset_type__ | Scanner Specific Field: Claroty Asset Type = Endpoint | "asset_type__": "eEndpoint" |
| class_type | 1:1 Asset Tag Creation | "class_type": "IT" |
| model | Operating System \| Model | "model": "DELLOSE" |
| vendor | Operating System \| Vendor | "vendor": "Delloe", |
| os | Operating System \| Name | "os": "Windows Server 2012 R2" |
| subnet_tag | Asset Tag | "subnet_tag": "abq vul-security /Security", |