I work in an environment using Cisco Stealthwatch. We have a cybersecurity team that is doing an audit on our systems where they are scanning the network for vulnerabilities and other problems. I have to provide my management team with the outputte...
Welcome to the Security Analytics Board!
Please take a look at our Stealthwatch Information Hub and our Stealthwatch Use Cases.Forum Posts
Hi,As I heard, a certain version of Cisco Stealthwatch supports PLR licensing, does anyone know about the version and how should I enable it on my service? Thanks in advance
Resolved! Stealthwatch SMC not reporting data in the dashboard for the exporters in the monitor menu
Hello Everyone,I have SMC 2210, FC 4210, FS 3210 in my network. Stealthwatch 7.3.1 is running on all the appliances.Quick overview of problem:I am not seeing any traffic being reported on interfaces that are being monitored on the switches (exporters...
Hello Team, We are observing a DNS Abuse alert in Stealthwatch from a Mobile Android device. Could you please explain on what basis DNS abuse alert we have checked in Mobile and there are no unusual apps installed?
HelloI have such kind of problem with stealthwatch.I Configured flexible netflow on Cisco cisco WS-C3850 Version 16.3.8 I added 2 lines in flow record config #match datalink mac source address input#match datalink mac destination address input Cisco...
Hellow everyone, I am wrong because of Stealthwatch's environmental IP deployment in my lab, so I adjusted the IP and gateway from the terminal console, and therefore the flow collector and flow sensor of the SMC contral manager console cannot be ide...
I saw that with Stealthwatch 7.3 ERSPAN support has been added to the Flow Sensor. ERSPAN (Encapsulated Remote Switch Port Analyzer) support has been added to the Flow Sensor to increase versatility. Now, it also offers visibility improvements throug...
Hello Folks,I'm running into a problem, when trying to delete the IP settings of an interface of a netflow collector via the cisco stealthwatch central managment applicance configuration webinterface. The interface "eth1" has an configured IP adress...
Hello, may I ask, I cannot find it. When I run ICMP request and I am not receiving any reply, I cant see these attempts on Flow search. When I perform ping to another direction and I receive reply, then I can see the flow. How can I see these connect...
Hello fellow network engineers, I’m curious about a feature of cisco Stealthwatch, which I came across during my research.The feature I mean is the “Host Group Automation Service”.I read about it in the following pdf from cisco: https://www.cisco.com...
Resolved! SNMP OIDs
Dear Cisco Support, I want to setup the following monitoring : for Modem and SIM card for the following commands : Sh cell 0/1/0 security (SIM Status = xxx)Sh cell 0/2/0 security (SIM Status = xxx)Sh cell 0/1/0 hardware (Modem Status = xxx)Sh cell ...
Hi all, I did hit a false positive alarm today: a wireless AP was a source of 'suspect data hoarding' from a WLC.I wanted to disable this core event in this case, but not sure what would be the best way to do so. Ideally, I want to disable this event...
Hi all, I have a question about host group configurations and conflicting baseline configuration. If I understand correctly the 'Enable baselining for Hosts in this Group' controls if hosts are baselined individually or if a baseline is taken for the...
We recently notice on our ISR router that an access list was added to our VTY terminal connection lines. The ip addresses were, 94.102.56.181 and 185.158.249.22. We didn't add them that we can remember. In the config we have 2 usernames being "cisco"...
Hi Team,Can we create a custom security event on StealthWatch using Source or Target Host Name fields.Thanks.
