Cisco Stealthwatch Tuning (SWAT)


Résumé du cours

The Stealthwatch courses are available for Private on-sites only at this time. If you are interested in one or more of these courses or need a custom training class, please contact us at All Stealthwatch courses accept CLCs as payment.


Cisco Stealthwatch Tuning is a 2-day instructor-led, lab-based, hands-on course offered by the Cisco Stealthwatch Learning Services team. A strong understanding of the Stealthwatch tuning process is crucial for gaining visibility across your enterprise and detecting actionable threats. This two-day course covers all essential aspects of the tuning process, including tuning best practices, which will optimize the Stealthwatch System.

A qui s'adresse cette formation

This course is intended for individuals who are responsible for tuning the Stealthwatch System, creating and maintaining policies, monitoring traffic, and obtaining and responding to actionable alarms.


All students should have completed the following (minimum) prerequisites.

  • Cisco Stealthwatch for Security Operations
  • Cisco Stealthwatch for Network Operations


  • Create summary views of all alarms in the system.
  • Explain how summary views can help prioritize the tuning strategy.
  • Develop tuning recommendations based on security events and alarm summary.
  • Identify workflows for tuning specific security events.
  • Test tuning strategies and recommendations.

Outline: Cisco Stealthwatch Tuning (SWAT)

Module 1: Introduction

  • Cisco Stealthwatch Tuning Course Overview
  • The Purpose of Tuning
  • Understanding Security Events and Alarms
  • Defining Stealthwatch Policies

Module 2: Classify the Stealthwatch System

  • Classify the System
  • Lab: Classify Public and Private IP Addresses
  • Lab: Trusted Internet Hosts
  • Lab: Classify Undefined Services and Applications

Module 3: Quiet Noisy Hosts

  • Quiet Noisy Hosts
  • Lab: Classify Network Scanners with the SMC Web UI
  • Lab: Reclassify IPs to Reduce Noise

Module 4: Posture the Stealthwatch System

  • Posture the System
  • Lab: Edit Role Policy
  • Host Locks and Custom Security Events
  • Lab: Host Locks and Custom Security Events
  • Response Management
  • Tiered Alarms
  • Lab: Create a Dashboard

Module: Summary and Course Wrap-up

  • Culminating Scenario: Tuning
  • Tuning Best Practices in Stealthwatch
  • Cisco Stealthwatch Tuning Course Outcomes
  • Course Conclusion

Prix & Delivery methods

Formation en ligne

2 jours

  • Online Training : CAD 3 900,–
  • Online Training : US$ 3 000,–
  • Cisco Learning Credits : 30
Formation en salle équipée

2 jours

  • Canada : CAD 3 900,–
  • Cisco Learning Credits : 30


Actuellement aucune session planifiée