Security Analytics

Resolved! SNMP OIDs

Dear Cisco Support, I want to setup the following monitoring : for Modem and SIM card for the following commands : Sh cell 0/1/0 security (SIM Status = xxx)Sh cell 0/2/0 security (SIM Status = xxx)Sh cell 0/1/0 hardware (Modem Status = xxx)Sh cell ...

Stealthwatch core event tuning

Hi all, I did hit a false positive alarm today: a wireless AP was a source of 'suspect data hoarding' from a WLC.I wanted to disable this core event in this case, but not sure what would be the best way to do so. Ideally, I want to disable this event...

StealthWatch host group baseline

Hi all, I have a question about host group configurations and conflicting baseline configuration. If I understand correctly the 'Enable baselining for Hosts in this Group' controls if hosts are baselined individually or if a baseline is taken for the...

Possible compromise on ISR router

We recently notice on our ISR router that an access list was added to our VTY terminal connection lines. The ip addresses were, 94.102.56.181 and 185.158.249.22. We didn't add them that we can remember. In the config we have 2 usernames being "cisco"...

Custom Security event policy on StealthWatch including Source/Target Host Name

Hi Team,Can we create a custom security event on StealthWatch using Source or Target Host Name fields.Thanks.

Resolved! Create Alert base on Host and Peer comminucation

Hi All, I have 2 devices and I would like to create an alert on Stealthwatch when there is another communication except between those 2 devices.let say device A and Device B should communicateand if Device A tries to communicate with Device C I would...

Resolved! Stealthwatch: Exclude Application or Port from Alarm (Addr Scan / Recon)

Hello everyone,I'm looking for a way to exclude a specific application (or a port) from an alarm or from the security event itself.The reason is the "Windows Update Delivery" function causing Addr_Scan events resulting in Recon alarms.I would like to...

Resolved! Stealthwatch - MFA and/or Access Control

I see that the Stealthwatch SMC GUI (7.2) supports MFA via Radius - but looking at ways to limit access to other components such as the CLI on the SMC, as well as the CLI or GUI on the Flow Collectors or Flow Sensors? Does Stealthwatch support the co...

Monitoring Cisco Virtual Firepower Threat Defense

We have an instance of a VFTD firewall on our infrastructure and we would like to monitor it's sessions that are coming to our network via snmp but we couldn't find any OIDs related to that .

Stealthwatch VM sizing Query

Hi, One of our customer has purchased VM editions of SMC, FC and FS appliances and 25000 flows licenses. We found that we have different models of VM appliances like SMCVE, SMC2000VE and FCVE,FCVE2000. I found that these specs are based on the host c...

Stealthwatch Cloud - Detect FireEye RedTeam toolkit

FireEye experienced a breach. Their APT toolkit was stolen. FireEye is sharing indicators of compromise and countermeasures on GitHub. How can I use Stealthwatch Cloud to detect those IOCs? https://github.com/fireeye/red_team_tool_countermeasures

Alternative Access to CTA

Dear CommunityWe're looking for a solution to access to Cognitive Threat Analytics (Stealthwatch Data) from an other Browser, than the Browser used for Cisco Stealthwatch. Do you have similar situations and maybe a solution for access CTA without th...

NEW Briefing: December 2: Central Log Management using Cisco Security Analytics

December 2: Central Log Management using Cisco Security Analytics and Logging 8am-9:30am PT Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a cloud ...

How To Resolve Stealthwatch Config Failed/System Error Issue

I'm trying to resolve an issue related to a Configuration failure for SMC. What are the possible solutions for below issue? {"successful":false,"details":"exit code: 1ElementIDs without results: aide, auditLogDestination, configBackup, dns, dnsCache,...

NEW Briefing: Multicloud security posture and threat management with Stealthwatch Cloud

November 18: Multicloud security posture and threat management with Stealthwatch Cloud 8am-9:30am PT Cisco Stealthwatch Cloud provides visibility, compliance, threat detection and investigation capabilities across on-premises and cloud environments. ...

Security Analytics

Welcome to the Security Analytics Board!

Forum Posts

Resolved! SNMP OIDs

Stealthwatch core event tuning

StealthWatch host group baseline

Possible compromise on ISR router

Custom Security event policy on StealthWatch including Source/Target Host Name

Resolved! Create Alert base on Host and Peer comminucation

Resolved! Stealthwatch: Exclude Application or Port from Alarm (Addr Scan / Recon)

Resolved! Stealthwatch - MFA and/or Access Control

Monitoring Cisco Virtual Firepower Threat Defense

Stealthwatch VM sizing Query

Stealthwatch Cloud - Detect FireEye RedTeam toolkit

Alternative Access to CTA

NEW Briefing: December 2: Central Log Management using Cisco Security Analytics

How To Resolve Stealthwatch Config Failed/System Error Issue

NEW Briefing: Multicloud security posture and threat management with Stealthwatch Cloud

Congratulations to the Event Top Contributors Class of 2024!

Cisco + Splunk: It's a new day for your data.

A new chapter of the Spotlight Award begins!

Join us in Celebrating the New Year and the Nov.-Jan. Winners!

Announcing Resources That Guide You to Success

StealthWatch SSL/TLS Client Identity Certificate

Cisco SNA (Stealthwatch) error

Cisco Network analytics. Delete unusable interfaces in exporters

Cisco Security Network Analytics shows empty in Update Manager

Button ... Install Update is gray color

Host Information not visible

Error when accessing SMC

Stealthwatch Flow Sensor high CPU usage

Stealthwatch SNA RRT SRT response times

stealthwatch ifindex id 0