The Course Name: CSSOW – Cisco StealthWatch Solution Overview Workshop
The Duration: 2 Days
The Overview:
The purpose of this course is to teach participants the role of NetFlow in network telemetry, how to position the different components of the Cisco StealthWatch solution, and the threat detection and incident response processes.
What You Will Learn:
Understand the role of NetFlow in network telemetry
Position the different components of the Cisco StealthWatch solution
Understand the threat detection and incident response processes
The Course Index:
Module 1: Network Telemetry
- The Need for Network Telemetry
- NetFlow Fundamentals
- NetFlow Security Event Logging (NSEL)
Module 2: Architecture and Components of Cisco StealthWatch
- StealthWatch Architecture
- Required Components and Licenses
- Flow Collector
- StealthWatch Management Console (SMC)
- Flow License
- Optional Components and Licenses
- Flow Sensor
- UDP Director
- Threat Intelligence License
- Proxy License
- Identity Integration
- Cloud License
- Endpoint Concentrator
- Learning Network License
- Security Packet Analyzer
Module 3: Design Guidance
- Sizing the Solution
- StealthWatch High Availability Design
- Enterprise Tree and Host Groups
Module 4: Detecting Threats
- Anomaly Detection Model
- Security Events
- Alarm Categories
- Threat Hunting
- Incident Response
- Documentation
Labs
Lab 1: The WebUI
Lab 2: The Swing Client
Lab 3: Inspecting Host Group setup
Lab 4: Performing Flow Queries
Lab 5: Using Documents
Lab 6: Confirming the parameters of a rule/policy
Lab 7: Investigating an Alarm
Lab 8: Copyright Infringement Event
Lab 9: Verify Cisco TrustSec Implementation
Lab 10: Malware Investigation