SWAT-Cisco Stealthwatch Tuning

Day One

• Course Introduction
• Cisco Stealthwatch Tuning Course Overview
• The Purpose of Tuning
• Understanding Security Events and Alarms
• Defining Stealthwatch Policies
• Classify the System
• Lab: Classify Public and PrivateIP Addresses
• Lab: Trusted Internet Hosts
• Lab: Classify Undefined Services and Applications
• Quiet Noisy Hosts
• Lab: Classify Network Scanners with the SMC Web UI
• Lab: Reclassify IPs to Reduce Noise

Day Two

• Day One Review
• Posture the System
• Lab: Edit Role Policy
• Host Locks and Custom Security Events
• Lab: Host Locks and Custom Security Events
• Response Management
• Tiered Alarms
• Lab: Create a Dashboard
• Culminating Scenario: Tuning
• Tuning Best Practices in Stealthwatch
• Cisco Stealthwatch Tuning Course Outcomes
• Course Conclusion

After taking this course, you should be able to:

• Describe how the Cisco Stealthwatch Enterprise system provides network visibility through monitoring and detection.
• Define tuning and how it helps the Stealthwatch system create actionable alarms.
• Use the stages of the tuning process to identify workflows and best practices to operationalize Stealthwatch.

All students should have completed the following (minimum) prerequisites.

• Cisco Stealthwatch for Security Operations
• Cisco Stealthwatch for Network Operations
• Stealthwatch Foundations

This course is intended for individuals who are responsible for tuning the Stealthwatch System, creating and maintaining policies, monitoring traffic, and obtaining and responding to actionable alarms.