Course Overview
Use Case Workshops are hands-on, instructor-led courses focused on specific use case outcomes in Cisco Stealthwatch Enterprise. The workshops are designed to help you quickly identify and investigate common threats and to provide effective workflows so that you can fully understand Stealthwatch capabilities. In this workshop, you will work through a series of activities that focus on using Cisco Stealthwatch Enterprise to determine whether your network policies are configured correctly and being enforced.
Who should attend
This course is intended for individuals who are responsible for using Stealthwatch to monitor security policy, provide feedback on the configuration, and initiate incident response investigations.
Prerequisites
To complete this workshop, the following components must be installed and configured on your network:
- Stealthwatch Release 7.0 or later
- Stealthwatch Flow Collector
- Integration with Firewall
- Integration with Proxy/NAT Device
Course Objectives
After taking this course, you should be able to:
- Describe the advantages of integrating Stealthwatch with a SIEM.
- View SIEM data in Stealthwatch by creating a SIEM external lookup option.
- Configure the Splunk SIEM to accept Stealthwatch syslog entries through the Response Management feature.
- Explore a Stealthwatch API integration with Splunk.
This is a Cisco Learning Services course and is delivered directly by Cisco.