I saw that with Stealthwatch 7.3 ERSPAN support has been added to the Flow Sensor. ERSPAN (Encapsulated Remote Switch Port Analyzer) support has been added to the Flow Sensor to increase versatility. Now, it also offers visibility improvements throug...
Welcome to the Security Analytics Board!
Please take a look at our Stealthwatch Information Hub and our Stealthwatch Use Cases.Forum Posts
Hello Folks,I'm running into a problem, when trying to delete the IP settings of an interface of a netflow collector via the cisco stealthwatch central managment applicance configuration webinterface. The interface "eth1" has an configured IP adress...
Hello, may I ask, I cannot find it. When I run ICMP request and I am not receiving any reply, I cant see these attempts on Flow search. When I perform ping to another direction and I receive reply, then I can see the flow. How can I see these connect...
Hello fellow network engineers, I’m curious about a feature of cisco Stealthwatch, which I came across during my research.The feature I mean is the “Host Group Automation Service”.I read about it in the following pdf from cisco: https://www.cisco.com...
Resolved! SNMP OIDs
Dear Cisco Support, I want to setup the following monitoring : for Modem and SIM card for the following commands : Sh cell 0/1/0 security (SIM Status = xxx)Sh cell 0/2/0 security (SIM Status = xxx)Sh cell 0/1/0 hardware (Modem Status = xxx)Sh cell ...
Hi all, I did hit a false positive alarm today: a wireless AP was a source of 'suspect data hoarding' from a WLC.I wanted to disable this core event in this case, but not sure what would be the best way to do so. Ideally, I want to disable this event...
Hi all, I have a question about host group configurations and conflicting baseline configuration. If I understand correctly the 'Enable baselining for Hosts in this Group' controls if hosts are baselined individually or if a baseline is taken for the...
We recently notice on our ISR router that an access list was added to our VTY terminal connection lines. The ip addresses were, 94.102.56.181 and 185.158.249.22. We didn't add them that we can remember. In the config we have 2 usernames being "cisco"...
Hi Team,Can we create a custom security event on StealthWatch using Source or Target Host Name fields.Thanks.
Hi All, I have 2 devices and I would like to create an alert on Stealthwatch when there is another communication except between those 2 devices.let say device A and Device B should communicateand if Device A tries to communicate with Device C I would...
Hello everyone,I'm looking for a way to exclude a specific application (or a port) from an alarm or from the security event itself.The reason is the "Windows Update Delivery" function causing Addr_Scan events resulting in Recon alarms.I would like to...
Resolved! Stealthwatch - MFA and/or Access Control
I see that the Stealthwatch SMC GUI (7.2) supports MFA via Radius - but looking at ways to limit access to other components such as the CLI on the SMC, as well as the CLI or GUI on the Flow Collectors or Flow Sensors? Does Stealthwatch support the co...
We have an instance of a VFTD firewall on our infrastructure and we would like to monitor it's sessions that are coming to our network via snmp but we couldn't find any OIDs related to that .
Hi, One of our customer has purchased VM editions of SMC, FC and FS appliances and 25000 flows licenses. We found that we have different models of VM appliances like SMCVE, SMC2000VE and FCVE,FCVE2000. I found that these specs are based on the host c...
FireEye experienced a breach. Their APT toolkit was stolen. FireEye is sharing indicators of compromise and countermeasures on GitHub. How can I use Stealthwatch Cloud to detect those IOCs? https://github.com/fireeye/red_team_tool_countermeasures
