Cisco Stealthwatch Tuning Training (SWAT)

Cisco Stealthwatch Tuning Training (SWAT) Course with Hands-On Exercises (Online, Onsite and Classroom Live)

  • Cisco Learning Credits: 30 CLC

This Cisco Stealthwatch Tuning Training (SWAT) course focuses on the tuning process in Cisco Stealthwatch Enterprise system, to gain visibility across your enterprise and detect actionable threats. This course covers all essential aspects of the tuning process, including tuning best practices, which will optimize the Stealthwatch System.

This course will help you:

  • Understand how the system generates events and alarms.
  • Configure policies and adjust system events and alarms.
  • Understand the importance of hosts and host groups.

Cisco Stealthwatch Tuning Training (SWAT)Duration: 2 days

RESOURCES
RELATED COURSES
CUSTOMIZE It
  • We can adapt this Cisco Stealthwatch Tuning (SWAT) course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Cisco Stealthwatch Tuning (SWAT) course, we can omit or shorten their discussion
  • We can adjust the emphasis placed on the various topics or build the Cisco Stealthwatch Tuning (SWAT) Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Cisco Stealthwatch Tuning (SWAT) course in manner understandable to lay audiences.
AUDIENCE/TARGET GROUP

The target audience for this Cisco Stealthwatch Tuning (SWAT) course:

  • This course is intended for individuals who are responsible for tuning the Stealthwatch System, creating and maintaining policies, monitoring traffic, and obtaining and responding to actionable alarms.
CLASS PREREQUISITES

All students should have completed the following (minimum) prerequisites.

  • Cisco Stealthwatch for Security Operations
  • Cisco Stealthwatch for Network Operations
Cisco Stealthwatch Tuning Training (SWAT) - OBJECTIVES

Upon completing this Cisco Stealthwatch Tuning (SWAT) course, learners will be able to meet these objectives:

  • Create summary views of all alarms in the system.
  • Explain how summary views can help prioritize the tuning strategy.
  • Develop tuning recommendations based on security events and alarm summary.
  • Identify workflows for tuning specific security events.
  • Test tuning strategies and recommendations.
Cisco Stealthwatch Tuning Training (SWAT) - COURSE SYLLABUS

Day One

  • Course Introduction
  • Cisco Stealthwatch Tuning Course Overview
  • The Purpose of Tuning
  • Understanding Security Events and Alarms
  • Defining Stealthwatch Policies
  • Lunch
  • Classify the System
    • Lab: Classify Public and Private IP Addresses
    • Lab: Trusted Internet Hosts
    • Lab: Classify Undefined Services and Applications
  • Quiet Noisy Hosts
    • Lab: Classify Network Scanners with the SMC Web UI
    • Lab: Reclassify IPs to Reduce Noise

Day Two

  • Day One Review
  • Posture the System
    • Lab: Edit Role Policy
  • Host Locks and Custom Security Events
    • Lab: Host Locks and Custom Security Events
  • Lunch
  • Response Management
  • Tiered Alarms
    • Lab: Create a Dashboard
  • Culminating Scenario: Tuning
  • Tuning Best Practices in Stealthwatch
  • Cisco Stealthwatch Tuning Course Outcomes
  • Course Conclusion
Cisco Stealthwatch Tuning (SWAT) Course Wrap-Up

Whether you are looking for general information or have a specific question, we want to help.
Request More Information

    Time frame: