Introduction to Stealthwatch Implementation

ALL SLI DATES ARE GUARANTEED TO RUN!

Check out our full list of training locations and learning formats. Please note that the location you choose may be an Established HD-ILT location.

Overview

This 2-day Stealthwatch training course takes a user through an initial introduction to flow in a network and to how Stealthwatch uses flows. Our online Stealthwatch training course then introduces users to the Stealthwatch product and its functionality, enabling you to proactively and reactively maintain network health. This course also specifically addresses the SMC client interface and SMC Web App Interface.

Basic Windows navigation skills, CCNA (or equivalent knowledge), and familiarity with standard network security concepts are all firm prerequisites for excelling in this course. For more details about Cisco Stealthwatch, read the information below from NterOne.

Target Audience

This course is intended for the following learners:

  • Customers whose role is to use the Stealthwatch System to monitor network performance.
  • Channel partners responsible for completing the initial configuration of the Stealthwatch System into a customer network.
  • Employees responsible for completing the initial configuration of the Stealthwatch System into a customer network.

Prerequisites

This course is designed for network engineers who are interested in implementing Stealthwatch in their network environment. To take full advantage of this course and the topics it covers, attendees must possess certain skills before attending. These skills include but are not limited to the following:

  • CCNA or equivalent knowledge
  • Familiarity with network security concepts
  • Basic Windows navigation skills

Course Objectives

After completing this course, you will be able to implement Stealthwatch in your network and collect forensic data. This course aims to do the following:

  • Introduce learners to Flow concepts
  • Introduce learners to Stealthwatch
  • Teach learners how to proactively and reactively use Stealthwatch to maintain the health of their network

Full Course Outline

Module 1: Flow Basics

  • Netflow Overview
  • Flow Information
  • Flow Collector
  • Flow Stitching for bi-directional flow
  • Deduplication

Module 2: Introduction to Stealthwatch

  • What is Stealthwatch?
  • Types of input
  • Stealthwatch Management Console
  • Flow Collector
  • UDP Director
  • Flow Sensor
  • Cisco ISE
  • Threat Intelligence License
  • Visibility Through Netflow
  • Conversational Flow Record
  • Discovery
  • IOC
  • Response

Module 3: Introduction to Flow Collector

  • Overview of Flow Collector
  • Key Features of Flow Collector
  • Baselining of all IP traffic
  • Anomaly detection in traffic/host behavior
  • Layer 7 anomaly detection
  • Appliance or virtual deployment options
  • NAT stitching
  • P2P file sharing detection
  • Host and service profiling
  • Index-based prioritization technology
  • OS fingerprinting
  • Support for application-aware flows such as NBAR2
  • Support for custom applications
  • Closest interface determination and tracking
  • Deduplication of flows
  • Virtual environment monitoring
  • Host Group tracking and reporting
  • Router interface tracking and reporting
  • Bandwidth accounting and reporting
  • Packet-level performance metrics
  • QoS (DSCP) monitoring
  • Interface utilization alarming
  • Unauthorized host access detection
  • Unauthorized Web server detection
  • Misconfigured firewall detection
  • Combined internal and external monitoring
  • Full flow logging
  • Worm detection
  • Botnet detection
  • DoS/DDoS detection (SYN, ICMP, or UDP flood)
  • Fragmentation attack detection
  • Network scanning and reconnaissance detection
  • Large file transfer detection
  • Rogue server detection
  • Long term flow retention

Module 4: Introduction to UDP Director

  • UDP Director Overview
  • Key Features of UDP Director
  • Simplifies collection of network and security data
  • Reduces points of failure on your network
  • Provides a single destination for all UDP formats on the network, including Netflow, SNMP, syslog, etc.
  • Reduces network congestion for optimum network performance

Module 5: Introduction to Proxywatch

  • Proxywatch Overview
  • Key Features
  • Enhanced network visibility
  • Additional context around conversations
  • Follow the flow

Module 6: Introduction to StealthWatch Labs Intelligence Center (SLIC) Threat Feed

  • SLIC High Level Overview

Module 7: Stealthwatch Installation

  • This module introduces learners to the installation process of a Stealthwatch SMC VM and Flow Collector
  • VM editions
  • Recommended Resources
  • Required Ports
  • Example Deployment
  • Deploying the OVA
  • Logging into the SMC
  • Initial Setup
  • Adding Flow Collectors

Module 8: Stealthwatch Management Console

  • Overview of SMC
  • Key Features
  • User identity tracking
  • Appliance and virtual deployment options
  • Root-cause analysis and troubleshooting
  • Relational flow maps
  • NAT stitching
  • Custom dashboards
  • Custom reporting
  • Blocking, remediation or rate limiting
  • Top N reports for applications, services, ports, protocols, hosts, peers and conversations
  • Traffic composition breakdown
  • Customizable user interface based on Point-of-View technology
  • Advanced flow visualization
  • Internal and external monitoring
  • Capacity planning and historical traffic trending
  • WAN optimization reporting
  • DSCP bandwidth utilization
  • Worm propagation visualization
  • Internal security for high-speed networks
  • Customizing Views

Module 9: Case Study

  • Case Study 1
  • Case Study 2