Only 56 percent of security alerts are investigated, and more than half of those are not remediated, according to the Cisco 2017 Annual Cybersecurity Report. Responding to these alerts is an overwhelming job, and most organizations do not have the s...
Cisco Stealthwatch version 6.10 is now available for download from Cisco dot com and features a new 90-day trial license. Cisco dot com registered users can download and install the Stealthwatch Flow Sensor, UDP Director, Flow Collector, and Managem...
Visibility is important everywhere an organization's information is. Too often security incidents occur because of network “blind spots,” or parts of the network that are either considered safe or just the opposite in that they are too diff...
As many users already know, Cognitive Threat Analytics (CTA) was added as a feature in Stealthwatch version 6.9! This new feature is available to all Stealthwatch users. There is no additional license required. The installation requirements are that...
We often see reports of behavior like this when the server that Stealthwatch is being deployed on doesn't meet the processing or memory requirements. I'd suggest you check those.
I've found that the best references regarding configuring Encrypted Traffic Analytics (ETA) are:
the ETA White Paper (https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/enterprise-network-security/nb-09-encrytd-traf-anlytcs-...
There is no practical limitation on the number of users that can be created but...
You should monitor the number of active or logged in users in Stealthwatch at the Stealthwatch Management Console (SMC). The number of active users supported is lis...
It's likely not a problem with the fields in the flow record but with the sources of data being exported. Flow matching works best when all the exporters are sending the same fields. You presented a flow record but not all exporters (including fire...
See page 133 of the document that you referenced titled "Changing Appliances After Configuration". There is a great big note there that says:
The appliance identity certificate is replaced automatically as part of this procedure. If your applianc...