[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[[["\u003cp\u003eStealthwatch is now known as Cisco Secure Network Analytics following its acquisition by Cisco.\u003c/p\u003e\n"],["\u003cp\u003eThe Stealthwatch integration in Google Security Operations SOAR includes actions for testing connectivity, searching events, and searching flows.\u003c/p\u003e\n"],["\u003cp\u003eThe "Ping" action is used to test connectivity and can be run on all entities, with no required parameters or specific use cases.\u003c/p\u003e\n"],["\u003cp\u003eBoth the "Search Events" and "Search Flows" actions operate on the IP Address entity, requiring a time frame parameter, and returning a success status as a script result.\u003c/p\u003e\n"],["\u003cp\u003eDetailed configuration instructions for Stealthwatch integration in Google Security Operations SOAR are available in the "Configure integrations" documentation.\u003c/p\u003e\n"]]],[],null,["Stealthwatch\n\nIntegration version: 7.0\n| **Important:** Stealthwatch was acquired by Cisco and became Cisco Secure Network Analytics.\n\nConfigure Stealthwatch integration in Google Security Operations\n\nFor detailed instructions on how to configure an integration in\nGoogle SecOps, see [Configure\nintegrations](/chronicle/docs/soar/respond/integrations-setup/configure-integrations).\n\nActions\n\nPing\n\nDescription\n\nTest Connectivity.\n\nParameters\n\nN/A\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on all entities.\n\nAction Results\n\nEntity Enrichment\n\nN/A\n\nInsights\n\nN/A\n\nScript Result\n\n| **Script Result Name** | **Value Options** | **Example** |\n|------------------------|-------------------|---------------|\n| success | True/False | success:False |\n\nJSON Result \n\n N/A\n\nSearch Events\n\nDescription\n\nGet a hosts security events for a given time frame.\n\nParameters\n\n| Parameter | Type | Default Value | Description |\n|------------|--------|---------------|----------------------|\n| Time Frame | String | N/A | Time frame in hours. |\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on the IP Address entity.\n\nAction Results\n\nEntity Enrichment\n\nN/A\n\nInsights\n\nN/A\n\nScript Result\n\n| **Script Result Name** | **Value Options** | **Example** |\n|------------------------|-------------------|---------------|\n| success | True/False | success:False |\n\nJSON Result \n\n N/A\n\nSearch Flows\n\nDescription\n\nGet flows by the IP address for a given time frame.\n\nParameters\n\n| Parameter | Type | Default Value | Description |\n|------------|--------|---------------|---------------------------------|\n| Time Frame | String | N/A | Time frame in hours(e.g: 3). |\n| Limit | String | N/A | The limit of the received flow. |\n\nUse cases\n\nN/A\n\nRun On\n\nThis action runs on the IP Address entity.\n\nAction Results\n\nEntity Enrichment\n\nN/A\n\nInsights\n\nN/A\n\nScript Result\n\n| **Script Result Name** | **Value Options** | **Example** |\n|------------------------|-------------------|---------------|\n| success | True/False | success:False |\n\nJSON Result \n\n N/A\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
