5. Configuring NP-Connect
The first time an administrator accesses NP-Connect from NP-Live (+Import Data -> New connector -> Manage connectors with NP-Connect), they are required to define a Connector group name and a passphrase. The Connector group name is used to create the encrypted connector file store. Connector information is encrypted at rest and in transit using a passphrase-protected PGP key. Only system administrators know the passphrase, and the passphrase is never stored. Once initiated, NP-Connect runs in the background collecting network information. If NP-Connect is restarted, the administrator has to re-authenticate to re-activate the process. Users can create multiple connector groups, and each will require its own login.
To add a new connector, select the “+Add new connector” button; a list of available Device and Network Management System connectors is presented. Upon selecting the Device or Network Management System to add, the user is asked to fill in connection information. The user must enter a Connector name (no spaces), host name, and credentials. The user can then verify that the credentials are correct with the “Test access” button. Additional information may also be required depending on the connector selected. Finally, the user can select a refresh schedule and enter the list of workspaces to which the device should be added. The user can then test the connector or add the connector to complete the operation.
Once the connector is added, a tile is added to the NP-Connect home page. From the tile, the user can run the connector, pause the connector, edit the connector, copy the connector or delete the connector. To delete the connector group, the user can select delete from the top-right drop-down menu.
Configuring Read-only Access to Cisco
The NP-Live Connector for Cisco uses a read-only SSH connection to collect the output of the show running-config command. It is best practice to create a dedicated read-only user on your Cisco devices when configuring NP-Connect. The following commands give this user only the minimum permissions needed:

    conf t
    aaa authorization command LOCAL
    privilege show level 2 mode exec command running-config
    privilege cmd level 2 mode exec command terminal
    username $USERNAME password $PASSWORD priv 2
    end
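One way to confirm that a collected running-config still matches the least-privilege setup above, as an added example that is not part of the NP-Live documentation. It checks for the three configuration lines from this page, flags any other command moved to level 2, and verifies the connector user's level. The account name npconnect, the sample configs, and the assumption that the device stores "priv" as "privilege" are constructed for illustration.

```python
import re

# Grants and authorization line as listed on this page for the read-only user.
EXPECTED_GRANTS = {
    "privilege show level 2 mode exec command running-config",
    "privilege cmd level 2 mode exec command terminal",
}
REQUIRED_LINE = "aaa authorization command LOCAL"
# Accepts "priv 2" as typed on the page and "privilege 2" (assumed stored form).
USER_RE = re.compile(r"^username\s+(\S+)\s+.*?\bpriv(?:ilege)?\s+(\d+)$")


def audit_connector_account(config_text, username, level=2):
    """Return findings; an empty list means the config matches the page's setup."""
    lines = [" ".join(l.split()) for l in config_text.splitlines() if l.strip()]
    findings = []
    if REQUIRED_LINE not in lines:
        findings.append(f"missing: {REQUIRED_LINE}")
    for grant in sorted(EXPECTED_GRANTS - set(lines)):
        findings.append(f"missing: {grant}")
    # Any other command moved to the connector's level widens what it can run.
    for l in lines:
        if (l.startswith("privilege ") and f" level {level} " in l
                and l not in EXPECTED_GRANTS):
            findings.append(f"extra grant at level {level}: {l}")
    levels = [int(m.group(2)) for l in lines
              if (m := USER_RE.match(l)) and m.group(1) == username]
    if not levels:
        findings.append(f"no username line with a privilege level for {username}")
    elif levels[0] != level:
        findings.append(f"{username} is at privilege {levels[0]}, expected {level}")
    return findings


# Constructed sample configs (not taken from a real device).
GOOD = """\
aaa authorization command LOCAL
privilege show level 2 mode exec command running-config
privilege cmd level 2 mode exec command terminal
username npconnect password ***** privilege 2
"""
DRIFTED = GOOD.replace("privilege 2", "privilege 15") + \
    "privilege cmd level 2 mode exec command ping\n"

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("DRIFTED", DRIFTED)):
        print(name, audit_connector_account(cfg, "npconnect") or "ok")
```

Run it against each configuration the connector imports; any finding means the account or its command grants have drifted from the minimum described above.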
NP-Live Connector for Forescout
The NP-Live Connector for Forescout 8.1 and later enables integration between CounterACT and NP-Live such that network device configuration files managed by CounterACT can be automatically imported into NP-Live and aggregated into specific workspaces. Currently, Cisco switches are supported through the Forescout
Installing the NP-Live Module
Download the Forescout Extended Module for NP-Live from https://updates.forescout.com. Start your Forescout Console and log in to Enterprise Manager. Then open “Options”, select “Modules”, and install the fpi. To request additional support for this connector or to request support for other devices, please contact email@example.com.