How can Stealthwatch mitigate threats after ISE integration?

Support ACME
Level 1

Hello,

I want to know what additional mitigation actions Stealthwatch can perform once I have integrated ISE.

I know I can manually enforce the Adaptive Network Control Policy from the Stealthwatch web console and use the TrustSec Tags as search attributes from this document.

But I really want to confirm whether the ANC policy can be automatically enforced once some alarms / anomalies have been detected. I know a similar question was answered in this post 2 years ago, but what about the recent version of Stealthwatch?

The newest Console User's Guide still says the Java console can work with ASA and routers to bring out automatic mitigation, so it would be really strange if the newer Cisco FTD is not included and the ISE mitigation is manual only.

Thank you.


1 Accepted Solution

brford
Cisco Employee

Regarding wanting to know "if the [Stealthwatch] ANC policy can be automatically enforced once some alarms / anomalies has been detected": No.

Stealthwatch requires that a user select and apply an ANC policy. There is no 'automatic' enforcement in Stealthwatch.

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.

3 Replies

Thanks for the response and the confirmation.

I kind of know the SMC Desktop client is fading out; I guess you may take the automatic mitigation and FTD support parts as a feature request.

Thank you again.

sureshot
Cisco Employee

@Support ACME

If you are still looking into this, there is an update:

The response can now be automated using the feature below, "Cisco Stealthwatch Response Management", on the Web UI starting from version 7.3.

More details:
https://www.youtube.com/watch?v=m0yKmFGhUpk
https://blogs.cisco.com/security/automated-response-with-cisco-stealthwatch
