Cisco Stealthwatch Tuning (SWAT) – Outline

Detailed Course Outline

Module 1: Introduction

  • Cisco Stealthwatch Tuning Course Overview
  • The Purpose of Tuning
  • Understanding Security Events and Alarms
  • Defining Stealthwatch Policies

Module 2: Classify the Stealthwatch System

  • Classify the System
  • Lab: Classify Public and Private IP Addresses
  • Lab: Trusted Internet Hosts
  • Lab: Classify Undefined Services and Applications

Module 3: Quiet Noisy Hosts

  • Quiet Noisy Hosts
  • Lab: Classify Network Scanners with the SMC Web UI
  • Lab: Reclassify IPs to Reduce Noise

Module 4: Posture the Stealthwatch System

  • Posture the System
  • Lab: Edit Role Policy
  • Host Locks and Custom Security Events
  • Lab: Host Locks and Custom Security Events
  • Response Management
  • Tiered Alarms
  • Lab: Create a Dashboard

Module: Summary and Course Wrap-up

  • Culminating Scenario: Tuning
  • Tuning Best Practices in Stealthwatch
  • Cisco Stealthwatch Tuning Course Outcomes
  • Course Conclusion