Using Stealthwatch and the Management Console, what I'd suggest you do is look at the 'Top Alarming Hosts' and 'Cognitive Threat Analytics' widgets.
Top Alarming Hosts offers a list of the top alarming hosts based on all alerts and how Stealthwatch alerting has been tuned. Alerts contribute to a numeric score and the hosts with the highest score are ranked in that widget. It's updated every couple of minutes. Hosts listed are often 'inside' and as such most of the detections there are 'lateral' or 'east-west' (about activity between hosts inside your protected network).
The Cognitive widget provides risk scores based on analysis of data that your Flow Collector sent to the Cisco Cloud. This extends the analysis to include external hosts (or north-south connectivity).
Through a service that uses the Stealthwatch APIs you can export data about either Top Alarming Hosts or Cognitive Threat Analytics to your own external programs or databases.
Using the Stealthwatch 'Response Management' capability, an admin can define specific alerts that will produce additional responses (send a Syslog, send an email, etc.). Those alert on specific conditions and the suggestion is that those be used when looking for (or 'hunting') specific evidence of some investigation.
I hope this helps. We're always looking to improve those videos (if it came from the Cisco Stealthwatch team).