I'm looking for resources and enablement material to performing Cisco health checks; especially on Cisco Security equipment. Now I've found various resources scattered on different places, and I'm wondering where would be the best place to go and find out more on this subject.
The following are a few examples of resources that I've found up until now:
I'll appreciate it if anyone can point me in the right direction.
Hi Juan -
I found this resource: Tools & Resources - Cisco. Do any of these tools help you with your need?
Let me know and I can create a handy document within the community so you can readily find it in the future.
Juan and Community,
You have options when it comes to checking the health of your Cisco Stealthwatch install. One option is to engage the Advanced Services team (formerly known as Lancope Professional Services) to for a health check and tuning engagement. See: https://www.lancope.com/sites/default/files/Lancope-Professional-Services-Health-Check-and-Tuning%20-%20FINAL.pdf
There is a lot that you can do on your own to check the health of your Stealthwatch installation.
Just by using your Stealthwatch Management Console (SMC) to check your connected devices you are checking the communications channel between the SMC and the flow collectors (and flow sensors if installed). You can also check whether the communications channel to your local ISE server is operational (ISE server will be online) at the SMC.
Running the Java client from the SMC (in addition to using the web client) is important because it validates that you have the needed version of Java installed. Too often Stealthwatch admins who don't usually use the Java client will find that they need to apply a Java update before they can run the client. Also clean up old version of Java while you are here.
Verify flow collection. Look at the directory structure in the SMC Java client and make sure that each of your flow collectors listed are online and functioning. If they are functioning the flow count should be increasing. Sometimes you'll find that one or more devices that should be exporting flow have gone off line.
Using the Admin interface check to make sure that all your SMC, flow collectors and flow exporters licenses are up to date; that all are using the same NTP clock and DNS settings; and all your certificates.
Katherine McNamara wrote a great post on her blog about Stealthwatch Appliance Administration (applies to both the physical and virtual appliances). It's a great reference.
I hope this helps.
Just to add some information in your list. If you are also looking for ESA / WSA health check, you can also contact to Cisco SAC team. You can contact them at firstname.lastname@example.org