Security Analytics

FireEye experienced a breach. Their APT toolkit was stolen. FireEye is sharing indicators of compromise and countermeasures on GitHub. How can I use Stealthwatch Cloud to detect those IOCs? https://github.com/fireeye/red_team_tool_countermeasures

Dear CommunityWe're looking for a solution to access to Cognitive Threat Analytics (Stealthwatch Data) from an other Browser, than the Browser used for Cisco Stealthwatch.  Do you have similar situations and maybe a solution for access CTA without th...

December 2: Central Log Management using Cisco Security Analytics and Logging 8am-9:30am PT Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a cloud ...

I'm trying to resolve an issue related to a Configuration failure for SMC. What are the possible solutions for below issue? {"successful":false,"details":"exit code: 1ElementIDs without results: aide, auditLogDestination, configBackup, dns, dnsCache,...

November 18: Multicloud security posture and threat management with Stealthwatch Cloud 8am-9:30am PT Cisco Stealthwatch Cloud provides visibility, compliance, threat detection and investigation capabilities across on-premises and cloud environments. ...

Hi Team, Is there any document that can help to understand how cisco stealthwatch integrates with threatconnect (SOAR solution - now a part of RSA)?  RegardsRajesh

Good Day I recently enabled syslogs from a bluecoat proxy into Stealthwatch.I can see some URL data for users so on the surface it does seem good.I did notice in the log file though some errors. FC01:~# tail -f /lancope/var/sw-flow-proxyparser/logs/s...

Things appeared to go sideways yesterday (02/10) with regard to the data in the SLIC feed - as we received 40+ alerts of C&C activity as users were browsing to www.google.com - the destination IPs were what is expected for Google The destination C&C ...

Hi Team,I have installed Host Classifier application v1.0.13 on SMC v7.0.3, but it is not populating any data on App dashboard as it could not find pre-defined host groups. Does this app needs manual creation of host groups. Thanks.

(this might mean that someone trying to fool you or steal any info you send to the server)the above message appeared on the client side when using FTD decrypt-resigned, is there any one can help solving that issue . 

I just inherited Stealthwatch 6.10.5 all on VM which includes one of each of the following: smc, flow, udp.  I now need to renew/update the existing certificates that were installed.  I have renewed the existing certificates and have all three in a ....

Hello everyone, I understand that FlowSensor can provide "additional security context" by enabling the "Export HTTP(S) Header Data", "Export Packet Payload" and "Enable VXLAN Decapsulation". 1) Does that mean all the Stealthwatch Default Application ...