Cisco StealthWatch Training - lectures
This StealthWatch training course is designed for customers who are unfamiliar with StealthWatch and have responsibilities in security operations. These responsibilities may include monitoring security policy; providing feedback on the configuration, updating, and operation of security tools; and initiating incident response investigations. The course focuses on the proper use of host groups, policies, and alarm configuration, and on the three phases of the StealthWatch tuning process. It also covers optimal practices when using StealthWatch to investigate indicators of compromise. Finally, the last day focuses on how to review summarized alarm data and tune your StealthWatch system to detect anomalies in your environment.
- Explain what StealthWatch is and how it works
- Explain how hosts and host groups are defined in StealthWatch
- Define basic concepts of policy management
- Identify the three phases of the StealthWatch tuning process
- Complete workflows to identify indicators of compromise in your network
- Create summary views of all alarms in your system
- Explain how summary views can help prioritize your tuning strategy
- Develop tuning recommendations based on security events and alarm summary
- Identify workflows for tuning specific security events
- Test tuning strategies and recommendations