cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
641
Views
0
Helpful
1
Replies
ronjonjonjon1
Beginner

Providing IT Managers with data for network load/impact during security scans using Stealthwatch

I work in an environment using Cisco Stealthwatch.  We have a cybersecurity team that is doing an audit on our systems where they are scanning the network for vulnerabilities and other problems.  I have to provide my management team with the outputted Stealthwatch results.  I need to hone in on specific output.

 

Essentially, this team is just doing passive scans on our network.  They are connecting Gigamon aggregators? and use Nessus to scan the network.  They are just using laptops connected to the switch via an access port.  I need to write up a report to management the network load their putting on the core switch.  I know that their scanning is very low impact, but just need to verify that I am looking at the right tables/graphs to see the overall impact they are putting on the network.

 

Should I just use the Daily Report?  Or is there some other output in Stealthwatch that I should be looking at that would provide more granular results.  I know what ports the cyber team is connected to on the switch, but I don't believe I can actually look at data for those ports, just "index" correct?

1 REPLY 1
dcavalla
Cisco Employee

Hello,

if the interface they are connected to is exporting netflow (possibly with NBAR) would such report help?

 

 

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (100%)

Content for Community-Ad