Meddane
VIP

Threat Intelligence on Cisco Secure Network Analytics is similar to Security Intelligence on Cisco Firepower Threat Defense (FTD). On FTD, the lists of malicious IPs, URLs and DNS entries downloaded from Cisco Talos are used for instant blacklisting.

Cisco Secure Network Analytics downloads only a list of malicious IP addresses, such as CnC servers, and uses this information to monitor inside hosts that are trying to connect to these malicious IPs and to raise alarms for administrators and IT analysts.

Monitoring traffic toward these malicious IP addresses provides a second layer of security if you are deploying Cisco FTD with Security Intelligence enabled. This approach helps the admin or IT analyst verify that Cisco FTD is protecting your inside hosts from internet threats, and detect any violation.
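As an added illustration (not part of the original post, and not how Secure Network Analytics is implemented), the Python sketch below shows the monitoring idea: flows from inside hosts are matched against a list of CnC addresses, and a contact that received a reply is treated as a violation the firewall layer did not stop. The addresses, flow records and the rule "reply bytes seen means the connection was not blocked" are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges), not a real feed.
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
CNC_FEED = {ipaddress.ip_address("203.0.113.10"),
            ipaddress.ip_address("198.51.100.7")}

# Constructed flow records: (source, destination, bytes sent, bytes received)
FLOWS = [
    ("10.1.1.5", "203.0.113.10", 180, 0),     # no reply: consistent with an upstream block
    ("10.1.1.5", "203.0.113.10", 240, 0),
    ("10.1.2.9", "198.51.100.7", 512, 4096),  # reply seen: traffic got through
    ("10.1.3.3", "192.0.2.80", 900, 12000),   # destination is not on the feed
    ("203.0.113.10", "10.1.1.5", 60, 0),      # outside-initiated, source is not an inside host
]

def is_inside(ip):
    """True when the address belongs to one of the inside networks."""
    return any(ip in net for net in INSIDE_NETS)

def classify(flows, feed=CNC_FEED):
    """Return {(inside_host, feed_ip): "attempted" | "successful"}."""
    reply_bytes = defaultdict(int)  # (host, feed ip) -> total bytes received back
    for src, dst, _sent, received in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if is_inside(s) and d in feed:
            reply_bytes[(src, dst)] += received
    # Assumed rule: any reply from the feed IP means the contact succeeded.
    return {pair: ("successful" if total else "attempted")
            for pair, total in reply_bytes.items()}

def violations(flows, feed=CNC_FEED):
    """Inside hosts whose traffic to a feed IP was answered (second-layer finding)."""
    return sorted({host for (host, _ip), verdict in classify(flows, feed).items()
                   if verdict == "successful"})

if __name__ == "__main__":
    for (host, ip), verdict in classify(FLOWS).items():
        print(f"{host} -> {ip}: {verdict} C&C contact")
    print("hosts to investigate first:", violations(FLOWS))
```

An "attempted" result still points at an inside host that tried to reach a listed address, so it is worth investigating even when the upstream block worked.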


1 Comment
jitendrac
Level 1

We observed that one particular public IP (Outside Host) in SNA Stealthwatch was showing Bot Infected Host - Attempted C&C; however, the same public IP (Outside Host) was showing a good reputation on the Cisco Talos portal.

We need to understand why there are these 2 different results for the same IP. Does the Stealthwatch Threat Intelligence Feed (formerly known as SLIC Feed) have a different database compared to Cisco Talos?
