Alan Nix has created a great python script to import the Talos Blacklist into Stealthwatch. I have successfully run the script manually. I would like to run the script daily using cron. I used crontab, but I am not sure it actually runs. Here is th...
So I have a question regarding the netflow direction. All the guides that I have seen only show the input direction. Are you suppose to create 2 flow monitors, one in the input and one in the output? Could someone please enlighten me on this?
Hi all, i'm wondering , can i view the app-id on the SMC with the firepower netflow data, or do i need to flow sensor for this ? thanks .
If i purchase 9000 family device and i have got the Stealthwatch service, do i purchase another device that is used to collect flow or follow collector or Stealthwatch is license only? what is the difference betwee:- Cisco ...
Hi, I am looking for ways to suppress alarms between two host groups. I do not want any alarms when the host in these groups communicate with each other. In the Host Policy, i can create a policy for a specific host group individually, but i did not ...
HiI have been reading and watching some videos. Looking for some best practices on what alerts to enable - lets to be emailed or sysloged. I watched one video out there, and it was not very helpful. If there were 5 alerts, which would be one.. I know...
I have got Cisco Stealthwatch - it receives netflows from my SPANs and also directly from ASA. My issue is that my stealthwatch does not show any information about autonomous systems at all. When I navigate from Java console to Traffic -> Autonomous ...
I need to apply rollup patches on my customer's Stealthwatch management console (SMC) and their flow collector (FC). The documentation on how to apply patches is very good. However, it doesn't explain how to rollback patches in case installing patche...
Hello, I am looking for a comparison between Cisco Stealthwatch vs Darktrace. What are the major differences? Do they complement each other in some aspect? regards,
Hi we are looking at purchasing StealthWatch for VMware and to get started I need some clarification on what part numbers and how many per part. Cisco Stealthwatch Enterprise Data Sheet https://www.cisco.com/c/en/us/products/collateral/security/st...
Hi Sir: When I pass the SMC configuration wizard . How to add flow collector by manually ?
I have a problem in setting up netflow for Cisco Stealthwatch. I've set up the exporter in WLC through GUI, but Stealthwatch didn't show any data. Stealthwatch read the flows from WLC, but no data about the clients. Stealthwatch displayed an error "E...
I have a C9300 running IOS XE v 16.06.03 (CAT9K-IOSXE) and the network-advantage and dna-advantage licenses installed. I am trying to verify that the encrypted traffic analysis, et-analytics, feature is configured and working properly. I followed ...
Hello all, I setup CTA and ETA with Catalyst9300 and Stealthwatch.How can I confirm that ETA works fine?I uploaded the large file to the web server which has self signed certificate.But no alarm occurred.Should I use real malware? If yes, which mal...
Hi,I have issue of security event "Ping Oversized Packet" in Stealthwatch. In documentation I see next: "It searches for ICMP packets that are larger than thestandard size of 90 bytes, either as an ICMP echo request(if the host is the destination of ...
