Hello,
In the past, StealthWatch developed various features to ingest the logs from Proxy (using Proxy Ingest) or even sniff the URLs from the network (using Flow Sensor). This was before Cisco time. Can you share any recent news/features on adding third-party firewall support to StealthWatch? Or is Cisco focusing on its own ecosystem in adding features for "Cisco Security Analytics and Logging"? I'm not asking about roadmap features, just the stuff already onboard in the product.
I have seen Check Point NetFlow export configured and working with StealthWatch, but this only provides IP and Port details. The information from the URL and URL Filtering, Application Control, Identity Awareness was obviously missing in NetFlow and StealthWatch.
With regard to ignoring third-party firewalls installed on the network, how much "stuff" can the Flow Sensor grab from the wire on a SPAN port? Obviously, without SSL/TLS inspection, it is impossible on the SPAN. But does it map the URLs to the web categories? Or is it fairly basic and not worth investing time in?
Regards, Serg.