hi all, recently, i am monitoring traffic on stealthwatch and i found an ip link-local within. stealthwatch detected that is coming from inside network and it showed behavior like scanning tcp and SMB for file sharing to outside host and inside hos...
Welcome to the Security Analytics Board!
Please take a look at our Stealthwatch Information Hub and our Stealthwatch Use Cases.Forum Posts
Hey All, in the SMC gui, when it shows alarming hosts, it show ip address, Is there anyway to show the DNS hostname on that page rather than clicking on the ip addres and next page it will show the hostname ? Is it in the road map ?
Resolved! Stealthwatch Python Script using cron
Alan Nix has created a great python script to import the Talos Blacklist into Stealthwatch. I have successfully run the script manually. I would like to run the script daily using cron. I used crontab, but I am not sure it actually runs. Here is th...
So I have a question regarding the netflow direction. All the guides that I have seen only show the input direction. Are you suppose to create 2 flow monitors, one in the input and one in the output? Could someone please enlighten me on this?
Hi all, i'm wondering , can i view the app-id on the SMC with the firepower netflow data, or do i need to flow sensor for this ? thanks .
Resolved! Stealthwatch
If i purchase 9000 family device and i have got the Stealthwatch service, do i purchase another device that is used to collect flow or follow collector or Stealthwatch is license only? what is the difference betwee:- Cisco ...
Hi, I am looking for ways to suppress alarms between two host groups. I do not want any alarms when the host in these groups communicate with each other. In the Host Policy, i can create a policy for a specific host group individually, but i did not ...
HiI have been reading and watching some videos. Looking for some best practices on what alerts to enable - lets to be emailed or sysloged. I watched one video out there, and it was not very helpful. If there were 5 alerts, which would be one.. I know...
I have got Cisco Stealthwatch - it receives netflows from my SPANs and also directly from ASA. My issue is that my stealthwatch does not show any information about autonomous systems at all. When I navigate from Java console to Traffic -> Autonomous ...
Resolved! Stealthwatch Patches
I need to apply rollup patches on my customer's Stealthwatch management console (SMC) and their flow collector (FC). The documentation on how to apply patches is very good. However, it doesn't explain how to rollback patches in case installing patche...
Hello, I am looking for a comparison between Cisco Stealthwatch vs Darktrace. What are the major differences? Do they complement each other in some aspect? regards,
Hi we are looking at purchasing StealthWatch for VMware and to get started I need some clarification on what part numbers and how many per part. Cisco Stealthwatch Enterprise Data Sheet https://www.cisco.com/c/en/us/products/collateral/security/st...
Hi Sir: When I pass the SMC configuration wizard . How to add flow collector by manually ?
Resolved! WLC Netflow for Cisco Stealthwatch
I have a problem in setting up netflow for Cisco Stealthwatch. I've set up the exporter in WLC through GUI, but Stealthwatch didn't show any data. Stealthwatch read the flows from WLC, but no data about the clients. Stealthwatch displayed an error "E...
I have a C9300 running IOS XE v 16.06.03 (CAT9K-IOSXE) and the network-advantage and dna-advantage licenses installed. I am trying to verify that the encrypted traffic analysis, et-analytics, feature is configured and working properly. I followed ...
