07-24-2019 01:24 AM
Hello,
I want to know what additional mitigation actions Stealthwatch can perform once I have integrated ISE.
I know I can manually enforce the Adaptive Network Control Policy from the Stealthwatch web console and use the TrustSec Tags as search attributes from this document.
But I really want to confirm whether the ANC policy can be automatically enforced once some alarms / anomalies have been detected. I know a similar question was answered in this post 2 years ago, but what about the recent version of Stealthwatch?
The newest Console User's Guide still says the Java console can work with ASA and routers to bring about automatic mitigation;
it would be really strange if the newer Cisco FTD is not included and the ISE mitigation is manual only.
Thank you.
08-05-2019 12:12 PM
Regarding wanting to know "if the [Stealthwatch] ANC policy can be automatically enforced once some alarms / anomalies have been detected": No.
Stealthwatch requires that a user select and apply an ANC policy. There is no 'automatic' enforcement in Stealthwatch.
08-06-2019 08:49 AM
10-09-2022 11:46 PM
@Support ACME
If you are still looking into this, there is an update:
The response can now be automated using the feature below, "Cisco Stealthwatch Response Management", in the Web UI starting from version 7.3.
More details:
https://www.youtube.com/watch?v=m0yKmFGhUpk
https://blogs.cisco.com/security/automated-response-with-cisco-stealthwatch