Hi,We are running a SDA fabric with Trustsec-based enforcement and SGT in place. Our edge nodes generate logs for all the traffic blocked by the TrustSec matrix. Those logs contain src and dst IP + port information. Is it possible to ingest those log...
Welcome to the Security Analytics Board!
Please take a look at our Stealthwatch Information Hub and our Stealthwatch Use Cases.Forum Posts
Anyone knows the Secure Malware analytics (ThreatGrid) cloud license can be applied in SMA M6 hardware appliance. Attaching screenshot below;
It seems that when the ESA interrupts the e-mail for "borted due to size limit exceeded" on the tracking we see message size : na, we would like to know if it is possible to make it possible to see the size of the e-mail that was aborted?
Hi everyone,Having some .CSE rules when high amount of data Is leaving a internal network. Having alot of false positives related to this. And I'm wondering If It's possible in some way to exclude a specifik "Subject Payload" field?That "Subject Payl...
I am installing virtual SMC, FS, and FC. SMC and FC is already running but I encounter the same error. I am assuming its related to time sync since the error happens after it apply settings on the ntp server. On the FC, I did not do anything and just...
Hello, I try to use option from stealthwatch to find network scanners. I started ping scan from my PC. After a while I saw that I have Top Security Event for my host Ping_Scan with CI = 590,400, after it I went to Report - Visibility Assessment - In...
Hello! I´m studying the cybersecurity analist course and I´m stuck in the terminal security course due to i cannot download the CSE-LABVM the OVA files from the security station work.Please, can someone help me?
I try to replace appliance identity certificate Generated CSR for ManagerGenerated CSR for CollectorSent them to OUR CA (DC) (admins did template follow this guide https://dependencyhell.net/2021/securing-stealthwatch-with-ca-signed-certificates) Ge...
Hi, doing some investigation into Stealthwatch...setting this up in my lab with Data Store option. Mgmt server sent through okay but as I went threw the data store initialization at the console, it asks at the end to register with central manager. I...
After upgrading to version 7.5.1 Cisco Security Network Analytics client isn't working. I enter the Ip address of the sms server andthe window stops at this point:
Hi allExperiencing Issues with creating Custom Security Events towards NVM (nvzflows) In my SNA platform.Been creating a test Custom Security Event, just to see If it triggers."CSE: Forbidden Application"When any subject host; using the process "well...
HelloIs everyone here having experience with the NVM-module, that Is possible to have within the Secure Client?How does SNA handles large amount of NVM-flows? Lets say between 5K -> 10K clients.Ideally Is It worth setting up a dedicated Flow Collecto...
how to migrate cisco stealthwatch to new secure network analytics (SNA) hardware?Which is the latest stable version for SNA now?
Hello, I am testing SNA (Stealthwatch) in my lab (ESXi). I have installed version 7.5.1 - SMC, Flow Collector, Flow Sensor, Data Store. I want to test Flow sensor. I have added additional interface for SPAN traffic. I have enabled "ERSPAN Decapsulati...
anyone know good online resource for Cisco Threat Grid (Secure Malware analytics) training for a novice to start.
