Presented by: McClain Marchman, Cisco Stealthwatch Advanced Services Network Consulting Engineer, Cisco Security Business Group
Reduce operator overhead, advance Stealthwatch optimization, and receive more accurate alarming on meaningful events? Yes, you can!
The Stealthwatch Host Group Automation (HGA) Service gives you a logical means of categorizing network assets for improved visibility and control. It enables the classification of your host groups from third-party data feeds so you can keep them synchronized with your network infrastructure.
McClain Marchman shows how you can use HGA to:
Tackle dynamic server behavior that consistently changes IP addresses and configure Stealthwatch to apply policies to these automated, dynamic, host groups.
Reduce excess consumption of your team’s resources by decreasing overall cost to operate Stealthwatch and by decreasing false positive alarms.
Manage integrations proactively with authoritative IP data sources such as IPAMs, CMDBs, and threat feeds.
McClain Marchman is a Cisco Stealthwatch Advanced Services Network Consulting Engineer in the Security Business Group. He is a part of the team that creates new and exciting custom integration solutions for customers such as the SIEM integration, HGA integration, and the Proxy integration service. McClain joined Cisco via Lancope in 2015 as a Technical Support Engineer. He holds a B.S. in Computer Science from Kennesaw State University, Georgia.
Hello, I have a simple question to understand the behavior from the ASA side. Once the connection is marked as half-closed , during that ( 30 seconds ) if the ASA will receive a syn packet related to the original connection what will happen exac...
Hi Cisco Guru, I'm currently using FPR1K running FDM code with outside interface is DHCP. However, since our ISP subscription is dynamic IP and they may sometimes force to renew a new IP and when this occur, my FPR will keep the old IP even disable a...
Hello, Our SSL Certificate on the admin portal has expired and will not allow us to log on. The cert was issued by our local CA via a CSR from the ISE instance. I do have access to the CLI. I'm not given the opportunity to logon, I get an SSL error f...
We are rebuilding our ISE environment and moving from version 2.3 patch 6 to version 2.7 patch 2. I am at the phase where I am now configuring the guest hotspot portal. I am using the portal customization page rather than the ISE Portal Builde...