Cisco Stealthwatch Security (SSO)


Résumé du cours

The Stealthwatch courses are available for Private on-sites only at this time. If you are interested in one or more of these courses or need a custom training class, please contact us at All Stealthwatch courses accept CLCs as payment.


Cisco Stealthwatch for Security Operations is a 2-day, instructor-led, lab-based, hands-on course that focuses on using Cisco Stealthwatch Enterprise from the perspective of a security analyst. The overarching goal of the course is to use the Stealthwatch System to investigate potential security issues and make initial determinations on whether to proceed with a more thorough investigation or to move on to the next potential threat.

A qui s'adresse cette formation

This course is intended for individuals who are responsible for using Stealthwatch to monitor security policy, provide feedback on the configuration and initiate incident response investigations.


  • Flow Basics
  • Cisco Stealthwatch Overview and Components
  • Cisco Stealthwatch SMC Client Interface Overview
  • Cisco Stealthwatch Web App Overview


  • Explain what Cisco Stealtwatch is and how it works.
  • Explain how hosts and host groups are defined in Cisco Stealthwtch.
  • Define basic concepts of policy management.
  • Identify the three phases of the Cisco Stealthwatch tuning process.
  • Complete workflows to identify indicators of compromise in your network.

Outline: Cisco Stealthwatch Security (SSO)

Module 1: Stealthwatch

  • Cisco Stealthwatch Security Overview
  • Introduction to Security

Module 2: Stealthwatch in the Proactive Mode

  • Using Stealthwatch in the Proactive Mode
  • Pattern Recognition
  • Investigation and Detection Using Stealthwatch

Module 3: Stealthwatch in the Operational Mode

  • Using Stealthwatch in the Operational Mode
  • Alarms and Alarm Response
  • Maps
  • Host Identification

Module 4: Summary

  • Culminating Scenario: Using Stealthwatch for Insider Threats
  • Putting Together an Incident Response Process
  • Example Workflow for Incident Response
  • Security Best Practices in Stealthwatch
  • Outcomes


  • Using Top Reports and Flow Tables for Detection
  • Creating and Using Dashboards for Detection
  • Creating Custom Security Events
  • Responding to Alarms
  • Proactive Investigation Practice
  • Using Maps for Incident Response
  • Identify Hosts Using Host Snapshot and Host Report

Prix & Delivery methods

Formation en ligne

2 jours

  • Online Training : CAD 3 960,–
  • Online Training : US$ 3 000,–
  • Cisco Learning Credits : 30
Formation en salle équipée

2 jours

  • Canada : CAD 3 960,–
  • Cisco Learning Credits : 30


Actuellement aucune session planifiée