https://community.cisco.com/t5/security-analytics/stealthwatch-setup-and-functionalities/m-p/3684063#M110 <P>Hello,</P> <P>the fact that you don't see the full traffic from the main dashboard is normal: that is designed to show only active alarms.</P> <P>In order to use the java client, please click on Desktop Client (top right corner on the screenshot).</P> <P>&nbsp;</P> <P>From the webUI you can run Analyze-&gt;Flow Search and run a query to see every flow recevied by the flow collector.</P> <P>&nbsp;</P> <P>The contextual guide available in the help menu is the best guide I can suggest for the WebUI.</P> <P>&nbsp;</P> <P>I'll reply per points now:</P> <P>- It depends on what you'll need to do. If your role is security analyst probably not. If you need to manage any of the advanced features, than yes.</P> <P>- Contextual menu</P> <P>- UDP:2055 and TCP:443 if you point the flow sensor to the SMC (Management System configuration option). 2055 is the default port number. You can change it.</P> <P>- 60 days as per <A href="https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/release_notes/SW_6_10_2_Release_Notes_DV_1_2.pdf" target="_blank">https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/release_notes/SW_6_10_2_Release_Notes_DV_1_2.pdf</A>.</P> <P>&nbsp;</P> <P>Hope this helps.</P> <P>&nbsp;</P> <P>Dario</P> Wed, 08 Aug 2018 12:44:10 GMT dcavalla 2018-08-08T12:44:10Z https://community.cisco.com/t5/security-analytics/stealthwatch-setup-and-functionalities/m-p/3682898#M109 <P>Hi;</P> <P>I'm working on Stealthwatch and to practice it's futures I downloaded the "Trial" virtual components (version 6.10.2) and installed/configured in this order:</P> <OL> <LI>I installed Flow Collector virtual.</LI> <LI>I installed Management Console virtual.</LI> <LI>I created management channel between Flow Collector and Management Console.</LI> <LI>There was no Netflow capable device that I could use, so I had to install Flow Sensor virtual.&nbsp;</LI> <LI>On Flow Sensor I added flow collector &amp; management console IP addresses.&nbsp;</LI> </OL> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="s1.png" style="width: 721px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/16215i50658BE4AC24EA2C/image-size/large?v=v2&amp;px=999" role="button" title="s1.png" alt="s1.png" /></span></P> <P>&nbsp;</P> <P>6. Flow Sensor virtual had 2 interfaces, which I connect the first one to my management network and the 2nd interface to another standard vSwitch on my vSphere client. I Assigned a physical interface to that vSwitch and attached it to a SPAN port on the physical switch.&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="s2.png" style="width: 567px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/16217i1F6EB57002294F2D/image-size/large?v=v2&amp;px=999" role="button" title="s2.png" alt="s2.png" /></span></P> <P>&nbsp;</P> <P>7. I changed the Promiscuous mode on the above port group (TFSensor) to "Accept".&nbsp;</P> <P>8. The home page on the Flow Collector shows that I'm receiving flows.&nbsp;</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="s3.png" style="width: 873px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/16218i84CA07C196F59C48/image-size/large?v=v2&amp;px=999" role="button" title="s3.png" alt="s3.png" /></span></P> <P>&nbsp;</P> <P>9. But I don't see any information on Management Console. I shows only 3 devices as this but nothing else.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="s4.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/16220i93F8DA31D4E8717D/image-size/large?v=v2&amp;px=999" role="button" title="s4.png" alt="s4.png" /></span></P> <P>&nbsp;</P> <P>Also I didn't managed to find "any" documents or user guides for the stealthwatch except ones currently are on the Cisco website which use SMC java client for version 6.9. But I only can see webUI which doesn't have to do anything to the menu structures of the SMC java client. So besides the issue that I mentioned up to this point,</P> <UL> <LI>Do I need to use that client for version 6.10.2?&nbsp;</LI> <LI>Where can I find SMC user guides for WebUI?&nbsp;</LI> <LI>Does Flow Sensor communicate with Flow Collector through UDP:2055 ?</LI> <LI>What is the limitations of the Trial version?</LI> </UL> Tue, 20 Aug 2019 17:29:56 GMT https://community.cisco.com/t5/security-analytics/stealthwatch-setup-and-functionalities/m-p/3682898#M109 ciscoworlds 2019-08-20T17:29:56Z https://community.cisco.com/t5/security-analytics/stealthwatch-setup-and-functionalities/m-p/3684063#M110 <P>Hello,</P> <P>the fact that you don't see the full traffic from the main dashboard is normal: that is designed to show only active alarms.</P> <P>In order to use the java client, please click on Desktop Client (top right corner on the screenshot).</P> <P>&nbsp;</P> <P>From the webUI you can run Analyze-&gt;Flow Search and run a query to see every flow recevied by the flow collector.</P> <P>&nbsp;</P> <P>The contextual guide available in the help menu is the best guide I can suggest for the WebUI.</P> <P>&nbsp;</P> <P>I'll reply per points now:</P> <P>- It depends on what you'll need to do. If your role is security analyst probably not. If you need to manage any of the advanced features, than yes.</P> <P>- Contextual menu</P> <P>- UDP:2055 and TCP:443 if you point the flow sensor to the SMC (Management System configuration option). 2055 is the default port number. You can change it.</P> <P>- 60 days as per <A href="https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/release_notes/SW_6_10_2_Release_Notes_DV_1_2.pdf" target="_blank">https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/release_notes/SW_6_10_2_Release_Notes_DV_1_2.pdf</A>.</P> <P>&nbsp;</P> <P>Hope this helps.</P> <P>&nbsp;</P> <P>Dario</P> Wed, 08 Aug 2018 12:44:10 GMT https://community.cisco.com/t5/security-analytics/stealthwatch-setup-and-functionalities/m-p/3684063#M110 dcavalla 2018-08-08T12:44:10Z