I work in an environment using Cisco Stealthwatch. We have a cybersecurity team that is doing an audit on our systems where they are scanning the network for vulnerabilities and other problems. I have to provide my management team with the outputted Stealthwatch results. I need to hone in on specific output.
Essentially, this team is just doing passive scans on our network. They are connecting Gigamon aggregators? and use Nessus to scan the network. They are just using laptops connected to the switch via an access port. I need to write up a report to management the network load their putting on the core switch. I know that their scanning is very low impact, but just need to verify that I am looking at the right tables/graphs to see the overall impact they are putting on the network.
Should I just use the Daily Report? Or is there some other output in Stealthwatch that I should be looking at that would provide more granular results. I know what ports the cyber team is connected to on the switch, but I don't believe I can actually look at data for those ports, just "index" correct?