Claroty
About
The Claroty context integration provides enriched asset context to Netography Fusion from Claroty Industrial Cybersecurity appliances. It connects to the Claroty CTD/EMC API to retrieve asset information and then adds Context Labels to the Netography Fusion API.
Supported Products
Claroty Threat Detection (CTD)
Claroty Enterprise Management Console (EMC)
API Configuration Parameters
All the fields required for this integration are listed here, along with the corresponding environment variable name used to set that field in the NetoFuse module.
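| Field | Required | Environment Variable | Description |
| --- | --- | --- | --- |
| URL | Yes | NETO__CLAROTY__URL | URL used to access Claroty appliance |
| username | Yes | NETO__CLAROTY__CREDENTIALS__USERNAME | Username to authenticate with |
| password | Yes | NETO__CLAROTY__CREDENTIALS__PASSWORD | Password to authenticate with |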
Claroty CTD/EMC Configuration
Create a read-only account in Claroty
Log in to the Claroty CTD or EMC appliance.
Click the gear icon in the bottom left of the screen.
Select User Management > Users and click + to add a user.
Add a user (e.g., neto-api-user) and save.
Go to User Management > Groups and click + to add a group.
Add a group (e.g., Read Only API Group), add the user you created.
Provide read permissions for the site(s) and assets as appropriate.
You can select more granular permissions for the group based on the data you want to be read from the system.
Consult the Claroty documentation if you encounter problems creating a user.
Use the account you just created, along with the URL to the appliance you created the account on, to configure the claroty NetoFuse module.
claroty NetoFuse Module Configuration
All the fields required for this integration are listed above in the API Configuration Parameters section. See Configure > module for additional options for setting configuration fields and Credential Storage for additional options for setting credentials.
Advanced Configuration Options
You can edit the module configuration to modify what assets and asset fields the Claroty API returns. By default, all assets available to the user authenticated to the API will be retrieved.
The params: section passes these fields as arguments to the Claroty API /ranger/assets command. You do not need to edit these values unless you want to filter the list of assets and fields returned by the Claroty API.
If no fields param is added, all asset fields are returned by the API, increasing the load on the Claroty appliance. If you will only use a few fields from Claroty as context labels and have a large Claroty deployment, you may want to define the specific fields to retrieve.
Consult the Claroty Web API User Guide for further assistance configuring these parameters, and use the Claroty API Explorer to experiment with parameters.
For example, you can add a field site_id__exact that will filter the list of assets returned to only those matching a specific site ID. Multiple IDs can be supplied in this field using Claroty's separator, which is: ,;$
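The following Python is an added example, not code from Netography or Claroty. It builds a site_id__exact value from several site IDs with the ,;$ separator described above, rejects IDs that would be split into different IDs by that separator, and shows the same filter percent-encoded as a query string. The function names and sample site IDs are constructed for illustration.

```python
from urllib.parse import urlencode, parse_qs

# Claroty's multi-value separator, as given on this page.
CLAROTY_SEPARATOR = ",;$"


def join_site_ids(site_ids):
    """Join site IDs into one site_id__exact value using Claroty's separator."""
    cleaned = []
    for raw in site_ids:
        value = str(raw).strip()
        if not value:
            raise ValueError("empty site ID")
        # An ID containing a separator character or whitespace could be read
        # as different IDs and silently change which sites the filter covers.
        if any(ch in CLAROTY_SEPARATOR or ch.isspace() for ch in value):
            raise ValueError(f"site ID {value!r} contains a separator or whitespace")
        cleaned.append(value)
    if not cleaned:
        raise ValueError("at least one site ID is required")
    return CLAROTY_SEPARATOR.join(cleaned)


def assets_query(site_ids):
    """Return the URL-encoded query string for the /ranger/assets filter."""
    # urlencode percent-encodes ',', ';' and '$', so the separator is not
    # misread as a query delimiter or expanded as a variable by a shell.
    return urlencode({"site_id__exact": join_site_ids(site_ids)})


def split_site_ids(query):
    """Recover the site IDs from an encoded query string (round-trip check)."""
    value = parse_qs(query, strict_parsing=True)["site_id__exact"][0]
    return value.split(CLAROTY_SEPARATOR)


if __name__ == "__main__":
    ids = [1, 4, 7]  # constructed sample site IDs
    print(join_site_ids(ids))  # raw value for the site_id__exact field
    print(assets_query(ids))   # same filter as an encoded query string
```

When pasting the raw value into a shell command for testing, single-quote it, since an unquoted or double-quoted $ followed by a digit is expanded by the shell.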
default claroty module configuration