Hi Guys We've recently updated to Stealthwatch v7.1.2 are we're currently trying to activate the CTR integration using the below guide. https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/ctr/SW_7_1_2_Stealthwatch_and_Threat_Response_Inte...
Welcome to the Security Analytics Board!
Please take a look at our Stealthwatch Information Hub and our Stealthwatch Use Cases.Forum Posts
We just got a new FlowCollector and we reconfigured a few exporters to send Netflow data to the new FlowCollectoris there a way to move the data collected to the new flow collector ? or delete all of them for that Flowcollector in batches instead of ...
Hi Team I trying configure StealthWatch Failure on Two SMC Primary and secondary, I follow all steps under the Online help tool.I have Trial License full, and start Failure mode by Seconday SMC: Both SMC* Have Trial License OK I start Failure test un...
Hi,I am not a true licensing guru when it comes to stealthwatch. I know up to 250 exporters that will be close to 4,500 flows per second. But is there a true calculator out there where you can plug in the number of switches/exporters to determine the...
Hello everyone, We will be forwarding ISE logs to our SEIM (Helix) I wanted to know what are the top 5-10 logs I should be alerting on? I need to put together an action plan so I cant do that for all the logs. Thankssecurity, Stealthwatch
Good Day Everyone I am currently preparing for a Greenfields Stealthwatch deployment at a customer.I had a look at the documentation and seems like version 7.2 is the latest and has some nice changes from 7.1. But when I get to Cisco Software Central...
Hello all, I want to ask,we can see the storage statistics in the Appliance Flow Collector menu, there is visible capacity in days, remainin days, bytes per day, I have also confirmed to the TAC that the data can be a reference / estimate when the st...
hi experts, hope you are doing wellwe have stealthwatch working fine, but in sometimes we stop receiveing flows in the flow collectorafter capturing traffic, i see cflow packets, but it shows like malformed, what could be the reason to this?and a hea...
A simple portscan was initiated from a Linux host scanning a /24 subnet for ports 14021-14025/tcp.SMC displayed correct number of flow records in flow table for this activity but "Total Traffic" and "Total Bytes" column was empty for all the flows. A...
Is there any documentation for using the "additional BPF" field from packet capture utility on Stealthwatch Flow Collector.Trying to find out are there any examples or syntax on how to use this field.TIA
unable to launch ASDM please assistWarning: Potential Security Risk AheadFirefox detected a potential security threat and did not continue to . If you visit this site, attackers could try to steal information like your passwords, emails, or credit ca...
Resolved! stealthwatch license excedeed
hi, i have a question what happens when you exceeded the limit of the licensestealthwatch stops to records that the flows that pass the limit?can someone upgrade to a bigger frl license - can be the same virtual appliance?thanks for the help, best re...
Hi, we have a Stealthwatch 7 deployed. We send the events to QRadar and in QRadar we receive this kind of log: (...)<110>Mar 04 14:23:01 vap11039 StealthWatch[4925]: LEEF:2.0|Lancope|Stealthwatch|6.8|51|0x7C|src=10.90.7.10|dst=0.0.0.0|dstPort=|proto=...
Hi all, I am using Stealthwatch Management Console and Flow Collector Version 7.0.2 with CTA enabled in both devices. I am unable to detect malware in the Host CTA window but able to view malware traffic in SMC. I am using router 4451-X model to expo...
I have a problem with flow rate license ordering. I cant find a good document or ordering guide for this license. I have read in stealthwatch datasheet that flow rate license defines the volume of flows that may be collected and is licensed on the ba...
