CSSOW – Cisco StealthWatch Solution Overview Workshop

Description

The Course Name: CSSOW – Cisco StealthWatch Solution Overview Workshop

The Duration: 2 Days

The Overview:

The purpose of this course is to teach participants the role of NetFlow in network telemetry Position different components of Cisco StealthWatch solution and also the threat detection and incident response processes

What You Will Learn:

Understand the role of NetFlow in network telemetry Position different components of Cisco StealthWatch solution

Understand the threat detection and incident response Processes

The Course Index:

Module 1: Network Telemetry

  • The Need for Network Telemetry
  • NetFlow Fundamentals
  • NetFlow Security Event Logging (NSEL)

Module 2: Architecture and Components of Cisco StealthWatch

  • StealthWatch Architecture
  • Required Components and Licenses
  • Flow Collector
  • StealthWatch Management Console (SMC)
  • Flow License
  • Optional Components and Licenses
  • Flow Sensor
  • UDP Director
  • Threat Intelligence License
  • Proxy License
  • Identity Integration
  • Cloud License
  • Endpoint Concentrator
  • Learning Network License
  • Security Packet Analyzer

Module 3: Design Guidance

  • Sizing the Solution
  • StealthWatch High Availability Design
  • Enterprise Tree and Host Groups

Module 4: Detecting Threats

  • Anomaly Detection Model
  • Security Events
  • Alarm Categories
  • Threat Hunting
  • İncident Response
  • Documentation

Labs

Lab 1: The WebUI

Lab 2: The Swing Client

Lab 3: Inspecting Host Group setup

Lab 4: Performing Flow Queries

Lab 5: Using Documents

Lab 6: Confirming the parameters of a rule/policy

Lab 7: Investigating an Alarm

Lab 8: Copyright Infringement Event

Lab 9: Verify Cisco TrustSec Implementation

Lab 10: Malware Investigation