Course Summary
The Stealthwatch courses are available for Private on-sites only at this time. If you are interested in one or more of these courses or need a custom training class, please contact us at email@example.com. All Stealthwatch courses accept CLCs as payment.
Cisco Stealthwatch for Security Operations is a 2-day, instructor-led, lab-based, hands-on course that focuses on using Cisco Stealthwatch Enterprise from the perspective of a security analyst. The overarching goal of the course is to use the Stealthwatch System to investigate potential security issues and make initial determinations on whether to proceed with a more thorough investigation or to move on to the next potential threat.
Who This Course Is For
This course is intended for individuals who are responsible for using Stealthwatch to monitor security policy, provide feedback on the configuration and initiate incident response investigations.
- Flow Basics
- Cisco Stealthwatch Overview and Components
- Cisco Stealthwatch SMC Client Interface Overview
- Cisco Stealthwatch Web App Overview
- Explain what Cisco Stealthwatch is and how it works.
- Explain how hosts and host groups are defined in Cisco Stealthwatch.
- Define basic concepts of policy management.
- Identify the three phases of the Cisco Stealthwatch tuning process.
- Complete workflows to identify indicators of compromise in your network.
Outline: Cisco Stealthwatch Security (SSO)
Module 1: Stealthwatch
- Cisco Stealthwatch Security Overview
- Introduction to Security
Module 2: Stealthwatch in the Proactive Mode
- Using Stealthwatch in the Proactive Mode
- Pattern Recognition
- Investigation and Detection Using Stealthwatch
Module 3: Stealthwatch in the Operational Mode
- Using Stealthwatch in the Operational Mode
- Alarms and Alarm Response
- Host Identification
Module 4: Summary
- Culminating Scenario: Using Stealthwatch for Insider Threats
- Putting Together an Incident Response Process
- Example Workflow for Incident Response
- Security Best Practices in Stealthwatch
- Using Top Reports and Flow Tables for Detection
- Creating and Using Dashboards for Detection
- Creating Custom Security Events
- Responding to Alarms
- Proactive Investigation Practice
- Using Maps for Incident Response
- Identify Hosts Using Host Snapshot and Host Report