Cyberwatch

The Cyberwatch connector allows you to retrieve asset inventory and vulnerability data detected by your Cyberwatch platform directly into OverSOC.

Objective

The Cyberwatch connector retrieves the following information:

• Asset inventory (servers, workstations, network equipment)
• Detected vulnerabilities with CVE references
• Compliance score and remediation priorities

Prerequisites

• Access to your Cyberwatch instance
• Administrator permissions to access inventory data
• Ability to generate API keys

Information to Provide in OverSOC

Procedure

Generate API Credentials in Cyberwatch

1. Sign in to your Cyberwatch instance.
2. Go to Profile > API Keys.
3. Click "View my API keys" or "+ Add" to create a new key.
4. Generate the API credentials:
   • API Access Key ID: Auto-generated identifier.
   • API Secret Access Key: Auto-generated secret.
5. Optionally, export the credentials as an api.conf file for reference.
6. Copy both the API Access Key ID and API Secret Access Key immediately.
7. For OverSOC, ensure the API key has "Read only" access level.

Retrieve the API URL

1. The API URL is the base URL of your Cyberwatch instance.
2. Example: https://cyberwatch.example.com or https://app.cyberwatch.io for the SaaS version.

Configure the Connector in OverSOC

1. In OverSOC, go to Data Sources Settings > Sources.
2. Select Cyberwatch and click Configure.
3. Fill in the three required fields:
   • API URL: Base URL of your Cyberwatch instance.
   • API Key: Your API Access Key ID.
   • API Secret: Your API Secret Access Key.
4. Click Save Configuration.

Official Documentation

For additional information, refer to the Cyberwatch API documentation.

Required Permissions

The API credentials must have the following permissions:

• Read access to asset inventory
• Read access to vulnerabilities and detections
• Read access to compliance reports