Hello Everyone,I have SMC 2210, FC 4210, FS 3210 in my network. Stealthwatch 7.3.1 is running on all the appliances.Quick overview of problem:I am not seeing any traffic being reported on interfaces that are being monitored on the switches (exporters...
Hello Team, We are observing a DNS Abuse alert in Stealthwatch from a Mobile Android device. Could you please explain on what basis DNS abuse alert we have checked in Mobile and there are no unusual apps installed?
HelloI have such kind of problem with stealthwatch.I Configured flexible netflow on Cisco cisco WS-C3850 Version 16.3.8 I added 2 lines in flow record config #match datalink mac source address input#match datalink mac destination address input Cisco...
Hellow everyone, I am wrong because of Stealthwatch's environmental IP deployment in my lab, so I adjusted the IP and gateway from the terminal console, and therefore the flow collector and flow sensor of the SMC contral manager console cannot be ide...
I saw that with Stealthwatch 7.3 ERSPAN support has been added to the Flow Sensor. ERSPAN (Encapsulated Remote Switch Port Analyzer) support has been added to the Flow Sensor to increase versatility. Now, it also offers visibility improvements throug...
Hello Folks,I'm running into a problem, when trying to delete the IP settings of an interface of a netflow collector via the cisco stealthwatch central managment applicance configuration webinterface. The interface "eth1" has an configured IP adress...
Hello, may I ask, I cannot find it. When I run ICMP request and I am not receiving any reply, I cant see these attempts on Flow search. When I perform ping to another direction and I receive reply, then I can see the flow. How can I see these connect...
Hello fellow network engineers, I’m curious about a feature of cisco Stealthwatch, which I came across during my research.The feature I mean is the “Host Group Automation Service”.I read about it in the following pdf from cisco: https://www.cisco.com...
Dear Cisco Support, I want to setup the following monitoring : for Modem and SIM card for the following commands : Sh cell 0/1/0 security (SIM Status = xxx)Sh cell 0/2/0 security (SIM Status = xxx)Sh cell 0/1/0 hardware (Modem Status = xxx)Sh cell ...
Hi all, I did hit a false positive alarm today: a wireless AP was a source of 'suspect data hoarding' from a WLC.I wanted to disable this core event in this case, but not sure what would be the best way to do so. Ideally, I want to disable this event...
Hi all, I have a question about host group configurations and conflicting baseline configuration. If I understand correctly the 'Enable baselining for Hosts in this Group' controls if hosts are baselined individually or if a baseline is taken for the...
We recently notice on our ISR router that an access list was added to our VTY terminal connection lines. The ip addresses were, 94.102.56.181 and 185.158.249.22. We didn't add them that we can remember. In the config we have 2 usernames being "cisco"...
Hi Team,Can we create a custom security event on StealthWatch using Source or Target Host Name fields.Thanks.
Hi All, I have 2 devices and I would like to create an alert on Stealthwatch when there is another communication except between those 2 devices.let say device A and Device B should communicateand if Device A tries to communicate with Device C I would...
Hello everyone,I'm looking for a way to exclude a specific application (or a port) from an alarm or from the security event itself.The reason is the "Windows Update Delivery" function causing Addr_Scan events resulting in Recon alarms.I would like to...
