SWAT-Cisco Stealthwatch Tuning
SWAT-Cisco Stealthwatch Tuning Course Details:
The course builds on the content introduced in the Cisco Stealthwatch for Security Operations, Cisco Stealthwatch for Network Operations and Cisco Stealthwatch for System Administrators courses.
Call (919) 283-1653 to get a class scheduled online or in your area!
- Course Introduction
- Cisco Stealthwatch Tuning Course Overview
- The Purpose of Tuning
- Understanding Security Events and Alarms
- Defining Stealthwatch Policies
- Classify the System
- Lab: Classify Public and Private IP Addresses
- Lab: Trusted Internet Hosts
- Lab: Classify Undefined Services and Applications
- Quiet Noisy Hosts
- Lab: Classify Network Scanners with the SMC Web UI
- Lab: Reclassify IPs to Reduce Noise
- Day One Review
- Posture the System
- Lab: Edit Role Policy
- Host Locks and Custom Security Events
- Lab: Host Locks and Custom Security Events
- Response Management
- Tiered Alarms
- Lab: Create a Dashboard
- Culminating Scenario: Tuning
- Tuning Best Practices in Stealthwatch
- Cisco Stealthwatch Tuning Course Outcomes
- Course Conclusion
*Please note: The course outline is subject to change without notice. The exact course outline will be provided at the time of registration.
After taking this course, you should be able to:
- Describe how the Cisco Stealthwatch Enterprise system provides network visibility through monitoring and detection.
- Define tuning and how it helps the Stealthwatch system create actionable alarms.
- Use the stages of the tuning process to identify workflows and best practices to operationalize Stealthwatch.
All students should have completed the following (minimum) prerequisites.
- Cisco Stealthwatch for Security Operations
- Cisco Stealthwatch for Network Operations
- Stealthwatch Foundations
This course is intended for individuals who are responsible for tuning the Stealthwatch System, creating and maintaining policies, monitoring traffic, and obtaining and responding to actionable alarms.