Cisco StealthWatch Solution Overview Workshop (CSWSO)
About this Course
The Cisco StealthWatch Solution Overview workshop is designed to provide knowledge to Cisco partners and customers who are responsible for detecting advanced and persistent security threats in order to combat cyberattacks. It gives partner and customer engineers an overview of the Cisco StealthWatch solution and its required and optional components, and shows how to analyze security events and alarms, hunt threats and respond to incidents.
Audience Profile
Cisco customers and partners planning to implement and use Cisco StealthWatch for network data collection and analysis to deliver comprehensive visibility and protection for any type of network.
At Course Completion
After attending this workshop, students will be able to:
- Understand the role of NetFlow in network telemetry
- Position different components of Cisco StealthWatch solution
- Understand the threat detection and incident response processes
Prerequisites
It is recommended that the learner have the following skills before attending this course:
- Cisco Certified Network Associate Routing and Switching (CCNA R&S) certification
- Cisco Certified Network Professional Security (CCNP Security) certification
- Operating system administration familiarity (for example, Linux and Windows)
Course Outline
Day 1
Module 1: Network Telemetry
- The Need for Network Telemetry
- NetFlow Fundamentals
- NetFlow Security Event Logging (NSEL)
- Cisco StealthWatch Solution Overview
Module 2: Architecture and Components of Cisco StealthWatch
- StealthWatch Architecture
- Required Components and Licenses
  - Flow Collector
  - StealthWatch Management Console (SMC)
  - Flow License
- Optional Components and Licenses
  - Flow Sensor
  - UDP Director
  - Threat Intelligence License
  - Proxy License
  - Identity Integration
  - Cloud License
  - Endpoint Concentrator
  - Learning Network License
  - Security Packet Analyzer
Module 3: Design Guidance
- Sizing the Solution
- StealthWatch High Availability Design
- Enterprise Tree and Host Groups
Module 4: Detecting Threats
- Anomaly Detection Model
- Security Events
- Alarm Categories
- Threat Hunting
- Incident Response
- Documentation
Day 2
StealthWatch Solution Labs
- Lab 1: The WebUI
- Lab 2: The Swing Client
- Lab 3: Inspecting Host Group setup
- Lab 4: Performing Flow Queries
- Lab 5: Using Documents
- Lab 6: Confirming the parameters of a rule/policy
- Lab 7: Investigating an Alarm
- Lab 8: Copyright Infringement Event
- Lab 9: Verify Cisco TrustSec Implementation
- Lab 10: Malware Investigation
- Lab 11: Investigating Proxy Connections
- Lab 12: Insider Threat Detection
- Lab 13: Building an audit trail