Cognitive Threat Analytics in SMC

VamsiKrishna
Level 1

Hi all,

I am using Stealthwatch Management Console and Flow Collector version 7.0.2 with CTA enabled on both devices. I am unable to detect malware in the Host CTA window, but I am able to view malware traffic in SMC. I am using a 4451-X router to export the et-analytics logs to the flow collector.

Regards & thanks,

Vamsi Krishna

1 Reply

kyoshiik
Cisco Employee

The Stealthwatch and CTA integration can detect encrypted communication between a malware-infected host and C&C or other hosts. So in your case, there are several possibilities:

1. Stealthwatch captures the malware traffic and sends it to CTA; however, CTA can't detect that traffic from the telemetry data. In this case, please contact the support team with the malware sample information and telemetry data prepared.

2. The infected host never communicates with the C&C or other server over TLS-encrypted communication. In this case, Stealthwatch and CTA can't detect it because there is no TLS telemetry in the flow data.