Hi, As I have configured a CSE to generate an Alarm while a flow is seen between a host and peer, the Alarm outcome is widely different from flows that has seen in the flow search. Can anyone explain the issue or reason behind it?
Welcome to the Security Analytics Board!
Please take a look at our Stealthwatch Information Hub and our Stealthwatch Use Cases.Forum Posts
Hi, it appears that the reporting dashboard does not offer an option to generate reports specifically for alarms related to a particular Relationship policy name. Currently, the only available selection seems to cover all relationship events that hav...
Hello, currently we are facing two data nodes failure from 9 nodes DSN cluster. We already tried to start the failed nodes but SMC returns the following Error:Unable to read database catalogs - cannot start databaseFirst, I would appreciate that if a...
Maybe somebody know how to clean old config datastore on the SNA Central Management. I had data store but it was losted. Nowadays I decided to add new datastore VM and found out that there's old config and I can't to add new one to replace old
Maybe someone know when will be released new version App - Security Analytics and Logging On Prem?
Hello, I try to use option from stealthwatch to find network scanners. I started ping scan from my PC. After a while I saw that I have Top Security Event for my host Ping_Scan with CI = 590,400, after it I went to Report - Visibility Assessment - In...
Hi, I can't find a proper way to exclude a vulnerability scanner IP from alerts in SCA. One possible way to solve this (I guess) is to add entity groups for source IP and destination subnets. Afterwards select these entity groups in an Internal Conn...
Hi community,We have installed SNA 7.4.2 and there is an existing integration with ISE 3.2.0.542. The TrustSec Analytics and TrustSec Policy Analytics show the SGTs but all cells in the matrix are grayed out (no traffic), even though there is traffic...
One of our customers is looking for an NDR solution, and we have suggested Cisco Stealthwatch (SNA).However, they need some clarity on its capabilities:They are using cisco switches, If an anomaly or suspicious activity is detected on a wired endpoin...
Cisco Secure Analytics (formerly Stealthwatch). It seems that there is an optional feature called "Threat Feed", but if you have a detailed knowledge of what can be done by purchasing this license, it will be helpful.
Cisco Secure Analytics (formerly Stealthwatch). Recently, Command & Control flow was detected, and when I checked the flow details in a hurry, it was detected as an event called "Suspect Long Flow", and when I further examined the related flow, the a...
Single Sign-On (SSO) is now a critical element for modern organizations, effectively balancing seamless user access with strong security. As a leader in Network Detection and Response (NDR), Secure Network Analytics (SNA) offers integration with a ra...
Hi,Is it possible to manually setup the NVM module for Cloud? From the XDR console I just can download the ServiceProfile XML, but not the Bootstrap file. Also, I don't see any reference manual on how to do it. Thanks
Hi, I have try to connect my ASA5555 FTD6.4 on FMC for sent syslog to SAL (On Prem) on SNA in manager only mode. As I research If I use SNA manager to install SAL (On Prem) that didn't required CDO, Is it? I have followed https://www.cisco.com/c/en/u...
Hi there. Can cisco security analytics delete automatically unusable interfaces for exporters in a while?
