> > > CSWSO

Cisco StealthWatch Solution Overview Workshop (CSWSO)

Course Description Schedule Course Outline
 

Course Overview

Cisco StealthWatch Solution Overview workshop is designed to provide knowledge to Cisco partners and customers who are responsible for detecting advanced and persistent security threats in order to combat cyberattacks. This workshop provides partner and customer engineers with an overview of Cisco StealthWatch Solution, required and optional components and shows how to analyze security events and alarms, hunt threats and respond to incidents.

Who should attend

Cisco customers and partners planning to implement and use Cisco StealthWatch for network data collection and analysis to deliver comprehensive visibility and protection for any type of the network.

Prerequisites

It is recommended that the learner have the following skills before attending this course:

  • Cisco Certified Network Associate Routing and Switching (CCNA R&S) certification
  • Cisco Certified Network Professional Security (CCNP Security) certification
  • Operating system administration familiarity (for example, Linux and Windows)

Course Objectives

After attending this workshop, students will be be able to:

  • Understand the role of NetFlow in network telemetry
  • Position different components of Cisco StealthWatch solution
  • Understand the threat detection and incident response processes

Outline: Cisco StealthWatch Solution Overview Workshop (CSWSO)

Day 1

Module 1: Network Telemetry

  • The Need for Network Telemetry
  • NetFlow Fundamentals
  • NetFlow Security Event Logging (NSEL)
  • Cisco StealthWatch Solution Overview

Module 2: Architecture and Components of Cisco StealthWatch

  • StealthWatch Architecture
  • Required Components and Licenses
    • Flow Collector
    • StealthWatch Management Console (SMC)
    • Flow License
  • Optional Components and Licenses
    • Flow Sensor
    • UDP Director
    • Threat Intelligence License
    • Proxy License
    • Identity Integration
    • Cloud License
    • Endpoint Concentrator
    • Learning Network License
    • Security Packet Analyzer

Module 3: Design Guidance

  • Sizing the Solution
  • StealthWatch High Availability Design
  • Enterprise Tree and Host Groups

Module 4: Detecting Threats

  • Anomaly Detection Model
  • Security Events
  • Alarm Categories
  • Threat Hunting
  • Incident Response
  • Documentation

Day 2

StealthWatch Solution Labs

  • Lab 1: The WebUI
  • Lab 2: The Swing Client
  • Lab 3: Inspecting Host Group setup
  • Lab 4: Performing Flow Queries
  • Lab 5: Using Documents
  • Lab 6: Confirming the parameters of a rule/policy
  • Lab 7: Investigating an Alarm
  • Lab 8: Copyright Infringement Event
  • Lab 9: Verify Cisco TrustSec Implementation
  • Lab 10: Malware Investigation
  • Lab 11: Investigating Proxy Connections
  • Lab 12: Insider Threat Detection
  • Lab 13: Building an audit trail
 
Click City Name To Book Schedule
This is an Instructor-Led Classroom course
This is a FLEX course, which is delivered simultaneously in two modalities. Choose to attend the Instructor-Led Online (ILO) virtual session or Instructor-Led Classroom (ILT) session.
United States

Currently there are no training dates scheduled for this course.  You can schedule a private, onsite training session or request a public date by emailing info@fastlaneus.com.

Europe
Croatia
Nov 4-5, 2019 This is a FLEX event Zagreb Course language: English Enroll
Online Training Time zone: Europe/Zagreb Enroll
Czech Republic
Jun 3-4, 2019 This is a FLEX event Prague Course language: English Enroll
Online Training Time zone: Europe/Prague Enroll
Serbia
Jan 21-22, 2019 This is a FLEX event Belgrade Course language: English Enroll
Online Training Time zone: Europe/Belgrade Enroll
Slovenia
Mar 4-5, 2019 This is a FLEX event Ljubljana Course language: English Enroll
Online Training Time zone: Europe/Ljubljana Enroll
Turkey
Sep 23-24, 2019 This is a FLEX event Istanbul Course language: English Enroll
Online Training Time zone: Asia/Istanbul Enroll