Use Case Workshops are hands-on, instructor-led courses focused on specific use case outcomes in Cisco Stealthwatch Enterprise. The workshops are designed to help you quickly identify and investigate common threats and to provide effective workflows so that you can fully understand Stealthwatch capabilities. In this workshop, you will work through a series of use cases that focus on detecting rogue hosts on your network.This workshop is intended to be interactive and engaging. You are encouraged to ask questions, respond to questions, and share best practices and ideas.
Cisco Stealthwatch Use Case Workshop: Are There Rogue Hosts in My Network? (UCWRH)
Schedule
- No schedule events found for this course.
- PC
Private Class
Privately train a group of your employees at your facility, virtually, or any of our locations.
- PC
- LCLive Classroom
Live Classroom
Learn and interact with your instructor and peers in-person in our classrooms. - VCVirtual Classroom
Virtual Classroom
Attend any of our instructor-led classes virtually regardless of your physical location. - PCPrivate Class
Private Class
Privately train a group of your employees at your facility, virtually, or any of our locations. - GTRGuaranteed to Run
Guaranteed to Run
GTR classes are guaranteed to run as promised and delivered.
Course Summary
Show All
Description
Objectives
After taking this workshop, you should be able to:
- Adjust policy to create alarms for Brute Force Login.
- Identify indicators of suspicious activities using the Host Report.
- Create a custom flow search to identify disallowed DHCP servers.
Prerequisites
To complete this workshop, the following components must be installed and configured on your network:
- Stealthwatch Management Console Version 7.0 or later
- Stealthwatch Flow Collector
Who Should Attend
This course is intended for individuals who are responsible for using Stealthwatch to monitor security policy.
Outline
- Validate network configuration of Cisco Stealthwatch appliances.
- Set base SMC configuration values.
- Use SMC documents and reports to determine if exporters are set up properly.
- Use SMC documents and reports, to determine IP addresses that belong to your organization.
- Place hosts into appropriate host groups.
- Define services and applications.
- Add Stealthwatch users with specific roles.
- Create custom documents.
- Establish response management rules, triggers, and actions.