Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
929
Views
0
Helpful
1
Replies

Providing IT Managers with data for network load/impact during security scans using Stealthwatch

ronjonjonjon1
Level 1
Level 1

‎05-11-2021 07:43 AM - edited ‎05-11-2021 07:44 AM

I work in an environment using Cisco Stealthwatch.  We have a cybersecurity team that is doing an audit on our systems where they are scanning the network for vulnerabilities and other problems.  I have to provide my management team with the outputted Stealthwatch results.  I need to hone in on specific output.

 

Essentially, this team is just doing passive scans on our network.  They are connecting Gigamon aggregators? and use Nessus to scan the network.  They are just using laptops connected to the switch via an access port.  I need to write up a report to management the network load their putting on the core switch.  I know that their scanning is very low impact, but just need to verify that I am looking at the right tables/graphs to see the overall impact they are putting on the network.

 

Should I just use the Daily Report?  Or is there some other output in Stealthwatch that I should be looking at that would provide more granular results.  I know what ports the cyber team is connected to on the switch, but I don't believe I can actually look at data for those ports, just "index" correct?

Labels:
0 Helpful
1 Reply 1

dcavalla
Cisco Employee
Cisco Employee

‎05-12-2021 02:11 AM

Hello,

if the interface they are connected to is exporting netflow (possibly with NBAR) would such report help?

 

 

Preview file
96 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents