> > > SSO

Cisco Stealthwatch for Security Operations (SSO)

Course Description Schedule Course Outline
 

Course Overview

The Stealthwatch courses are available for Private on-sites only at this time. If you are interested in one or more of these courses or need a custom training class, please contact us at info@fastlaneus.com. All Stealthwatch courses accept CLCs as payment.

Course Content

Cisco Stealthwatch for Security Operations is a 2-day, instructor-led, lab-based, hands-on course that focuses on using Cisco Stealthwatch Enterprise from the perspective of a security analyst. The overarching goal of the course is to use the Stealthwatch System to investigate potential security issues and make initial determinations on whether to proceed with a more thorough investigation or to move on to the next potential threat.

Who should attend

This course is intended for individuals who are responsible for using Stealthwatch to monitor security policy, provide feedback on the configuration and initiate incident response investigations.

Prerequisites

  • Flow Basics
  • Cisco Stealthwatch Overview and Components
  • Cisco Stealthwatch SMC Client Interface Overview
  • Cisco Stealthwatch Web App Overview

Course Objectives

  • Explain what Cisco Stealtwatch is and how it works.
  • Explain how hosts and host groups are defined in Cisco Stealthwtch.
  • Define basic concepts of policy management.
  • Identify the three phases of the Cisco Stealthwatch tuning process.
  • Complete workflows to identify indicators of compromise in your network.

Outline: Cisco Stealthwatch for Security Operations (SSO)

Module 1: Stealthwatch

  • Cisco Stealthwatch Security Overview
  • Introduction to Security

Module 2: Stealthwatch in the Proactive Mode

  • Using Stealthwatch in the Proactive Mode
  • Pattern Recognition
  • Investigation and Detection Using Stealthwatch

Module 3: Stealthwatch in the Operational Mode

  • Using Stealthwatch in the Operational Mode
  • Alarms and Alarm Response
  • Maps
  • Host Identification

Module 4: Summary

  • Culminating Scenario: Using Stealthwatch for Insider Threats
  • Putting Together an Incident Response Process
  • Example Workflow for Incident Response
  • Security Best Practices in Stealthwatch
  • Outcomes

Labs:

  • Using Top Reports and Flow Tables for Detection
  • Creating and Using Dashboards for Detection
  • Creating Custom Security Events
  • Responding to Alarms
  • Proactive Investigation Practice
  • Using Maps for Incident Response
  • Identify Hosts Using Host Snapshot and Host Report
Classroom Training
Modality: G

Duration 2 days

Enroll now
 
Schedule

Currently there are no training dates scheduled for this course.  Request a date