I need to use on-prem SAL to increase FMC events retention on SNA and need to provide high availability between two data centers for my deployment. i also have have cisco telemetry broker. Would it be the same if 1- i configured ftd syslog to point t...
Welcome to the Security Analytics Board!
Please take a look at our Stealthwatch Information Hub and our Stealthwatch Use Cases.Forum Posts
Today I made transition to flow collector with datastore.Since then I get major alarms "FlowCollector Longest Export Exceeded after transition to datastore" every hour from different network devices.Why does this appear after transition to datastore?
I had 5 flow collectors (VMs)vCPU - 12Memory - 128GbHDD - 3.6TbI decided to add 3 data node to use Data StorevCPU - 18Memory - 64GbHDD - 18TbAnd after it one of my collector started to sent message FlowCollector Performance Degraded - OversubscribedI...
Hi,We are leveraging the API to perform bulk uploads of endpoints into hostgroups and we noticed that everytime we upload an existing IP in a hostgroup, the IP is removed and recreated again. If the IP does not change, is SNA deleting the historical ...
Hi. We installed Data store virtual cluster with three nodesEvery node has 18Tb but I can see that Total Capacity:32.197 TB Where does 18Tb lost?
On of our IDS is not showing any connection events on the FMC. It shares the same policy with other devices and these are all showing connection events. Customer says policy is OK. When using the Tool > Packet Capture feature on the 4125 Chassis we c...
Hello Community, In a scenario where NVM telemetry is enabled from user endpoint, is it possible to directly correlate a network flow with the associated user endpoint process name and process ID from the SNA console (7.5.2)? If not, is there any man...
Hi, As I have configured a CSE to generate an Alarm while a flow is seen between a host and peer, the Alarm outcome is widely different from flows that has seen in the flow search. Can anyone explain the issue or reason behind it?
Hi, it appears that the reporting dashboard does not offer an option to generate reports specifically for alarms related to a particular Relationship policy name. Currently, the only available selection seems to cover all relationship events that hav...
Hello, currently we are facing two data nodes failure from 9 nodes DSN cluster. We already tried to start the failed nodes but SMC returns the following Error:Unable to read database catalogs - cannot start databaseFirst, I would appreciate that if a...
Maybe somebody know how to clean old config datastore on the SNA Central Management. I had data store but it was losted. Nowadays I decided to add new datastore VM and found out that there's old config and I can't to add new one to replace old
Maybe someone know when will be released new version App - Security Analytics and Logging On Prem?
Hello, I try to use option from stealthwatch to find network scanners. I started ping scan from my PC. After a while I saw that I have Top Security Event for my host Ping_Scan with CI = 590,400, after it I went to Report - Visibility Assessment - In...
Hi, I can't find a proper way to exclude a vulnerability scanner IP from alerts in SCA. One possible way to solve this (I guess) is to add entity groups for source IP and destination subnets. Afterwards select these entity groups in an Internal Conn...
Hi community,We have installed SNA 7.4.2 and there is an existing integration with ISE 3.2.0.542. The TrustSec Analytics and TrustSec Policy Analytics show the SGTs but all cells in the matrix are grayed out (no traffic), even though there is traffic...
