Hi, I need an advice. I want to be allarmed when one host eirher consume bandwith above 30 Mbps, I made new policy in the "Core events" - single host policy but it seems doesn't work What am I doing wrong?
Welcome to the Security Analytics Board!
Please take a look at our Stealthwatch Information Hub and our Stealthwatch Use Cases.Forum Posts
is there a way to reset all of the counters/data through the GUI in Stealthwatch? i have a different setup and want to see data only AFTER the new settings so that i can tell if it is actually working like it is supposed to.
Resolved! Stealthwatch SNA RRT SRT response times
Has anyone been able to get the response times values in Stealthwatch / SNA to populate? We're various Cisco switches and routers exporting netflow (most relevant here are Ciscp 3850 (16.9.5) and 9300 (16.9.7) and have followed the netflow config gu...
Anyone have idea what to do with this Vulnrability reported by a Vulscan service.this is for a cisco CBS 350 series switchthe switch is upgraded to latest frimware exist on cisco website , any idea how to fix this issue with open ssh7.4Summaryopenssh...
Has anyone tried to use the maxmind script provided here https://developer.cisco.com/codeexchange/github/repo/CiscoSE/MaxmindAsnImporter/ to import maxmind data into 7.4.1? Im using an instance in Dcloud and i get localhost MaxmindAsnImporter-maste...
Hi team, Differences have been observed between talos and SNA when they detect the country of origin of the traffic. For example, this IP 185[.]233[.]19[.]223 is from Pakistan and source host group from United States (according to SNA) but in talos i...
Hi, I have try to connect my ASA5555 FTD6.4 on FMC for sent syslog to SAL (On Prem) on SNA in manager only mode. As I research If I use SNA manager to install SAL (On Prem) that didn't required CDO, Is it? I have followed https://www.cisco.com/c/en/u...
Hello,is there anyone who has already worked on the stealthwatch solution version 7.3.2.I am unable to find the option desktop client. how can i download the java client or "desktop client" since i can't find it on the top right of the screen, see th...
Hello, i have got issue about FMC have not alerts if i try to scan from the internal network? and also when i scan the internal network that is thier network packet passes through the firewall results in source ip address maps to other internal netwo...
Hello friends, I would like to update my Cisco Secure Network Analytics Virtual Manager, which is currently on version 7.3.1. However, I understand that Cisco Secure Network Analytics Virtual Manager 7.4.2 (the latest recommended version) is not comp...
Hi, I am trying to run stealthwatch API to get the security events from Python sample script (https://developer.cisco.com/docs/stealthwatch/enterprise/#!quick-start) however I am getting 400 errors. python3 get_security_events.py An error has occurre...
Hi,#I am looking to complete a new replacement stealthwatch deployment. The aim is to use a higher version 7.4 instead of 7.0 but essentially be configured exactly the same way.Am I able to setup the new stealthwatch on version on 7.4 and configure f...
Hi guys, The FS is capturing the traffic from the Switch with the help of the SPAN protocol. Few CPU cores show the CPU utilization close to 90%. This usage is in the range of 82%-90% always. So I just want to know if is this normal behavior or if I ...
Resolved! SNA Stealthwatch SLIC channel down
Hi all,I'm new in the communinty, thanks in advance for any help you'd like to provide me.My customer is using Secure Network Analytics version 7.4.2, the product have been licensed, also the license for Threat Intelligence is authorized but the alar...
