Claroty
About
The Claroty NetoFuse module provides enriched asset context to Netography Fusion from Claroty Industrial Cybersecurity appliances. It connects to the Claroty CTD/EMC API to retrieve asset information and then adds it as Context Labelsin Netography Fusion.
NetoFuse Modules: Cloud deployment vs. on-prem deployment
This page documents how to add and configure the context integration in the Netography Fusion Portal. This will make a direct connection from the Netography Fusion SaaS in the cloud to the vendor API. If you prefer to deploy the integration within your own environment (on-prem or in your own cloud) with a container or Python package, go to the module documentation in NetoFuse Modules.
Supported Products
Claroty Threat Detection (CTD)
Claroty Enterprise Management Console (EMC)
Integrate to Claroty EMC if you have deployed it, and Claroty CTD if not
Claroty EMC aggregates data from multiple Claroty CTD appliances. Therefore, if you have deployed one or more Claroty EMCs in your environment, follow the configuration steps for each Claroty EMC appliance rather than each Claroty CTD.
The API and configuration steps are identical for both CTD and EMC appliances, so they are not differentiated in the documentation or in the
clarotyNetoFuse module.
Configuring
All the fields required and optional for this integration are listed here.
| Field | Required | Description |
|---|---|---|
| Claroty URL | Yes | URL used to access Claroty appliance |
| Claroty Username | Yes | Username to authenticate with |
| Claroty Password | Yes | Password to authenticate with |
| Per Page | Yes | Number of results to return per page from Claroty API (default 5000) |
| Fields | Yes | The fields to return from the Claroty API; If left blank, all asset fields are returned by the API, increasing the load on the Claroty appliance. You also must add fields to the Transform field in the Advanced section to map it to a Netography context label name. |
Consult the Claroty Web API User Guide for further assistance configuring these parameters, and use the Claroty API Explorer to experiment with parameters.
If you need to filter the list of assets returned by the Claroty API, additional parameters for configuration are available when using the Claroty NetoFuse module on-prem. Netography Support can assist you if you want to add any of these parameters to a cloud deployment of this integration.
Claroty CTD/EMC Configuration
Create a read-only account in Claroty
- Login to the Claroty CTD or EMC appliance.
- Click the gear icon in the bottom left of screen.
- Select User Management > Users and click
+to add a user. - Add a user (e.g.
neto-api-user) and save. - Go to User Management > Groups and click
+to add a group. - Add a group (e.g.,
Read Only API Group), add the user you created. - Provide read permissions for the site(s) and assets as appropriate.
You can select more granular permissions for the group based on the data you want to be read from the system.
Consult the Claroty documentation if you encounter problems creating a user.
Use the account you just created, along with the URL to the appliance you created the account on, to configure the claroty NetoFuse module.
Transform
The Advanced section of the context integration contains the Transform field. This field allows you to add, remove, or change the mapping of fields returned by the vendor API to Netography Fusion context labels.
See the Context Transforms documentation section for more instructions on editing this field.
It may be helpful to first configure all the parameters and the transform field with a NetoFuse container on your local system and then copy those fields into the Portal once you have validated that everything is configured properly.
Updated about 2 months ago