Catalog > All Topics

Cisco Stealthwatch Tuning (SWAT)

Cisco
2 Days
Download Course Outline
$3,000.00
Request a Quote
30 Learning Credits
Share
Related Topics
Schedule
Export to CSV
  • No schedule events found for this course.
      • PC
        Private Class
        Privately train a group of your employees at your facility, virtually, or any of our locations.
    Request
  • LCLive Classroom
    Live Classroom
    Learn and interact with your instructor and peers in-person in our classrooms.
  • VCVirtual Classroom
    Virtual Classroom
    Attend any of our instructor-led classes virtually regardless of your physical location.
  • PCPrivate Class
    Private Class
    Privately train a group of your employees at your facility, virtually, or any of our locations.
  • GTRGuaranteed to Run
    Guaranteed to Run
    GTR classes are guaranteed to run as promised and delivered.
Course Summary
Show All

Description

This course provides resources to make the configuration and use of the Cisco Stealthwatch System manageable. The course builds on the content introduced in the Cisco Stealthwatch for Security Operations, Cisco Stealtwatch for Network Operations and Cisco Stealthwatch for System Administrators courses.

Objectives

After taking this course, you should be able to:

  • Describe how the Cisco Stealthwatch Enterprise system provides network visibility through monitoring and detection.
  • Define tuning and how it helps the Stealthwatch system create actionable alarms.
  • Use the stages of the tuning process to identify workflows and best practices to operationalize Stealthwatch.

Prerequisites

All students should have completed the following (minimum) prerequisites. 

  • Cisco Stealthwatch for Security Operations 

  • Cisco Stealthwatch for Network Operations 

  • Stealthwatch Foundations

Who Should Attend

This course is intended for individuals who are responsible for tuning the Stealthwatch System, creating and maintaining policies, monitoring traffic, and obtaining and responding to actionable alarms.

Outline

Day One

  • Course Introduction (60 minutes)
  • Cisco Stealthwatch Tuning Course Overview (15 minutes)
  • The Purpose of Tuning (15 minutes)
  • Understanding Security Events and Alarms (15 minutes)
  • Defining Stealthwatch Policies (30 minutes)
  • Lunch (60 minutes)
  • Classify the System (30 minutes)
    • Lab: Classify Public and PrivateIP Addresses (15 minutes)
    • Lab: Trusted Internet Hosts (30 minutes)
    • Lab: Classify Undefined Services and Applications (30 minutes)
  • Quiet Noisy Hosts (30 minutes)
    • Lab: Classify Network Scanners with the SMC Web UI (30 minutes)
    • Lab: Reclassify IPs to Reduce Noise (15 minutes)

Day Two

  • Day One Review (20 minutes)
  • Posture the System (30 minutes)
    • Lab: Edit Role Policy (30 minutes)
  • Host Locks and Custom Security Events (15 minutes)
    • Lab: Host Locks and Custom Security Events (30 minutes)
  • Lunch (60 minutes)
  • Response Management (20 minutes)
  • Tiered Alarms (30 minutes)
    • Lab: Create a Dashboard (30 minutes)
  • Culminating Scenario: Tuning (60 minutes)
  • Tuning Best Practices in Stealthwatch (10 minutes)
  • Cisco Stealthwatch Tuning Course Outcomes (15 minutes)
  • Course Conclusion (15 minutes)

Related Topics