Résumé du cours
The Stealthwatch courses are available for Private on-sites only at this time. If you are interested in one or more of these courses or need a custom training class, please contact us at info@flane.fr. All Stealthwatch courses accept CLCs as payment.
Contenu
Cisco Stealthwatch Tuning is a 2-day instructor-led, lab-based, hands-on course offered by the Cisco Stealthwatch Learning Services team. A strong understanding of the Stealthwatch tuning process is crucial for gaining visibility across your enterprise and detecting actionable threats. This two-day course covers all essential aspects of the tuning process, including tuning best practices, which will optimize the Stealthwatch System.
A qui s'adresse cette formation
This course is intended for individuals who are responsible for tuning the Stealthwatch System, creating and maintaining policies, monitoring traffic, and obtaining and responding to actionable alarms.
Pré-requis
All students should have completed the following (minimum) prerequisites.
- Cisco Stealthwatch for Security Operations
- Cisco Stealthwatch for Network Operations
Objectifs
- Create summary views of all alarms in the system.
- Explain how summary views can help prioritize the tuning strategy.
- Develop tuning recommendations based on security events and alarm summary.
- Identify workflows for tuning specific security events.
- Test tuning strategies and recommendations.
Outline: Cisco Stealthwatch Tuning (SWAT)
Module 1: Introduction
- Cisco Stealthwatch Tuning Course Overview
- The Purpose of Tuning
- Understanding Security Events and Alarms
- Defining Stealthwatch Policies
Module 2: Classify the Stealthwatch System
- Classify the System
- Lab: Classify Public and Private IP Addresses
- Lab: Trusted Internet Hosts
- Lab: Classify Undefined Services and Applications
Module 3: Quiet Noisy Hosts
- Quiet Noisy Hosts
- Lab: Classify Network Scanners with the SMC Web UI
- Lab: Reclassify IPs to Reduce Noise
Module 4: Posture the Stealthwatch System
- Posture the System
- Lab: Edit Role Policy
- Host Locks and Custom Security Events
- Lab: Host Locks and Custom Security Events
- Response Management
- Tiered Alarms
- Lab: Create a Dashboard
Module: Summary and Course Wrap-up
- Culminating Scenario: Tuning
- Tuning Best Practices in Stealthwatch
- Cisco Stealthwatch Tuning Course Outcomes
- Course Conclusion