SWAT-Cisco Stealthwatch Tuning Course Details:

The course builds on the content introduced in the Cisco Stealthwatch for Security Operations, Cisco Stealthwatch for Network Operations and Cisco Stealthwatch for System Administrators courses.

    No classes are currenty scheduled for this course.

    Call (919) 283-1653 to get a class scheduled online or in your area!

Day One

  • Course Introduction
  • Cisco Stealthwatch Tuning Course Overview
  • The Purpose of Tuning
  • Understanding Security Events and Alarms
  • Defining Stealthwatch Policies
  • Classify the System
  • Lab: Classify Public and PrivateIP Addresses
  • Lab: Trusted Internet Hosts
  • Lab: Classify Undefined Services and Applications
  • Quiet Noisy Hosts
  • Lab: Classify Network Scanners with the SMC Web UI
  • Lab: Reclassify IPs to Reduce Noise


Day Two

  • Day One Review
  • Posture the System
  • Lab: Edit Role Policy
  • Host Locks and Custom Security Events
  • Lab: Host Locks and Custom Security Events
  • Response Management
  • Tiered Alarms
  • Lab: Create a Dashboard
  • Culminating Scenario: Tuning
  • Tuning Best Practices in Stealthwatch
  • Cisco Stealthwatch Tuning Course Outcomes
  • Course Conclusion

*Please Note: Course Outline is subject to change without notice. Exact course outline will be provided at time of registration.

After taking this course, you should be able to:

  • Describe how the Cisco Stealthwatch Enterprise system provides network visibility through monitoring and detection.
  • Define tuning and how it helps the Stealthwatch system create actionable alarms.
  • Use the stages of the tuning process to identify workflows and best practices to operationalize Stealthwatch.

All students should have completed the following (minimum) prerequisites.

  • Cisco Stealthwatch for Security Operations
  • Cisco Stealthwatch for Network Operations
  • Stealthwatch Foundations

This course is intended for individuals who are responsible for tuning the Stealthwatch System, creating and maintaining policies, monitoring traffic, and obtaining and responding to actionable alarms.

Ready to Jumpstart Your IT Career?