Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
89880
Views
107
Helpful
9
Comments

Welcome to Secure Analytics Use Cases

hcaldwel
Cisco Employee
Cisco Employee

on ‎11-09-2017 10:47 AM - edited on ‎10-12-2022 01:38 PM by Community Manager

Cisco Secure Analytics provides comprehensive network visibility and threat detection for accelerated incident response. Below are a variety of use cases for your reference. After reviewing this information, feel free to share your feedback or ask us questions in a new discussion thread.

 

Picture1.png Picture2.png Picture3.png Picture4.png Picture5.png
Creating an Audit Trail Use Cases Detecting Policy Violations Use Cases Detecting C&C Communications Use Cases Detecting Data Exfiltration Use Cases Detecting Data Hoarding Use Cases
Picture6.png Picture7.png Picture8.png Picture9.png Picture10.png
Detecting Malware Attacks Use Cases Detecting Recon Activity Use Cases Determining Network Load Use Cases Determining Risk Context Use Cases Determining Risk Source Use Cases
Picture11.png Picture12.png Picture13.png Picture14.png Picture15.png
Determining Scope of Breach Use Cases  Determining Scope of Threat Use Cases  Determining Threat Risk Faster Use Cases  Identifying Threat Source Use Cases Integrating with SIEMS Use Cases 
Picture16.png Picture17.png Picture17.png Picture19.png Picture20.png
Monitoring for Regulation Violations Use Cases  Monitoring Network Traffic Use Cases  Monitoring Traffic for Corporate Governance Use Cases Reducing MTTK Use Cases   Reducing MTTR Use Cases
    Picture21.png    
    Secure Cloud Analytics Use Cases    

 

Labels:
Comments
ian.norton
Community Member
‎04-11-2018 07:01 AM

I have some ideas to build off of these. Take cryptomining for example, I had asked Cisco to add the stratum protocol to be able to filter by, this would be much more effective than trying to trigger off known ips, known signatures, or even common stratum ports.

jovitale
Cisco Employee
Cisco Employee
‎04-12-2018 10:27 AM

Hello Ian,

We very much appreciate your feedback. Stratum protocol detection is scheduled to be added to a Stealthwatch release later this year. Again, thank you for your comment, and if you have any questions or comments, please do not hesitate to contact us.

BubbaFromGA
Cisco Employee
Cisco Employee
‎02-14-2019 09:39 AM

Good stuff John! It is nice to have this material on Cisco communities. I'm definitely interested in better ability to detect crypto mining. Let me know if I can help test.

IvanEspinoza754
Level 1
Level 1
‎05-13-2020 09:35 PM

Hello,

 

What are the most common security events that you use in Custom event?

 

Thanks for your answer.

 

 

Ivan E.

jamegill
Cisco Employee
Cisco Employee
‎04-14-2021 07:28 AM

Hi @IvanEspinoza754 

There are a few good default Custom Security Events documented here.   I find that the most important part of building solid Custom events is having solid host groups, and the Host Classifier App is a good way to get going with that.

 

Let me know what you think

--jg

DaveLarkin17691
Level 1
Level 1
‎06-15-2021 12:12 PM

I am looking for some general guidance on a top 20 use cases as a starting point and planning strategy. I understand that these are all company specific lists, but hoping there are some of these use cases that are important for all to utilize in some fashion. This is just for thought and ideas to share based on this communities experiences. Thanks and appreciate any info......

salshei
Cisco Employee
Cisco Employee
‎06-22-2023 09:01 AM

Hi Dave Larkin,

 

Try this link for categorized use cases:

http://cs.co/StealthwatchValueUseCaseMenu

or

https://cisco.bravais.com/s/lnmF3Eowwg51t7Rj9DtD

 

Some of the most commonly used usecases are alerting on rogue/unapproved DNS & DHCP servers.

Ed Long
Level 1
Level 1
‎10-19-2023 06:16 AM

Wondering if the host classifier app will be supported any time soon in SNA Datastore mode?

jamegill
Cisco Employee
Cisco Employee
‎04-26-2024 08:13 AM

@Ed Long 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents