Catalog > All Topics

Cisco Stealthwatch for Security (SSO)

Cisco
2 Days
Download Course Outline
$3,000.00
Request a Quote
30 Learning Credits
Share
Related Topics
Schedule
Export to CSV
  • No schedule events found for this course.
      • PC
        Private Class
        Privately train a group of your employees at your facility, virtually, or any of our locations.
    Request
  • LCLive Classroom
    Live Classroom
    Learn and interact with your instructor and peers in-person in our classrooms.
  • VCVirtual Classroom
    Virtual Classroom
    Attend any of our instructor-led classes virtually regardless of your physical location.
  • PCPrivate Class
    Private Class
    Privately train a group of your employees at your facility, virtually, or any of our locations.
  • GTRGuaranteed to Run
    Guaranteed to Run
    GTR classes are guaranteed to run as promised and delivered.
Course Summary
Show All

Description

This course focuses on using the Cisco Stealthwatch system from the perspective of a security analyst. The overarching goal of the course is to use the Cisco Stealthwatch System to investigate potential security issues and make initial determinations of whether to proceed with a more thorough investigation or to move on to the next potential threat.

Objectives

After taking this course, you should be able to:

  • Explain what Cisco Stealthwatch is and how it works.
  • Describe the goals of using Cisco Stealthwatch in the proactive and operational modes.
  • Define basic concepts of investigation and detection of potential security issues using the Cisco Stealthwatch System.
  • Complete workflows to identify indicators of compromise in your network.
  • Describe alarm types and alarm notification within Cisco Stealthwatch.
  • Explain the utility of maps in the Cisco Stealthwatch System.
  • Describe how the Cisco Stealthwatch System contributes to successful incident handling

Prerequisites

  • Flow Basics 

  • Cisco Stealthwatch Overview and Components

  • Cisco Stealthwatch SMC Client Interface Overview

  • Cisco Stealthwatch Web App Overview

Who Should Attend

This course is intended for individuals who are responsible for using Stealthwatch to monitor security policy, provide feedback on the configuration, and initiate incident response investigations. An entry-level security analyst is the ideal audience for this class.

Outline

Day One

  • Course Introduction (60 minutes)
  • Cisco Stealthwatch Security Course Overview (15 minutes)
  • Introduction to Security (30 minutes)
  • Lunch (60 minutes)
  • Using Stealthwatch in the Proactive Mode (30 minutes)
  • Pattern Recognition (45 minutes)
  • Investigation and Detection Using Stealthwatch (30 minutes)
    • Lab: Using Top Reports and Flow Tables for Detection (15 minutes)
    • Lab: Creating and Using Dashboards for Detection (30 minutes)
    • Lab: Creating Custom Security Events (30 minutes)
    • Lab: Proactive Investigation Practice

Day Two

  • Day One Review (20 minutes)
  • Using Stealthwatch in the Operational Mode (15 minutes)
  • Alarms and Alarm Response (15 minutes)
    • Lab: Responding to Alarms (20 minutes)
  • Maps (10 minutes)
    • Lab: Using Maps for Incident Response (20 minutes)
  • Lunch (60 minutes)
  • Host Identification (10 minute)
    • Lab: Identify Hosts Using Host Snapshot and Host Report (15 minutes)
  • Culminating Scenario: Using Stealthwatch for Insider Threats (60 minutes)
  • Security Best Practices in Stealthwatch (15 minutes)
  • Cisco Stealthwatch Security Course Outcomes (15 minutes)
  • Course Conclusion (15 minutes)

Related Topics