
Cisco StealthWatch Monitoring Features

Cisco Stealthwatch is a security tool that gives us deep, detailed visibility into our network, allowing us to keep track of everything happening on it through network telemetry. Within the Cisco Secure Network Analytics (CSNA) dashboard, several alarm categories are available, and for each category a number indicates how many network endpoints are currently exhibiting that particular behavior.

Cisco StealthWatch Alarming

Within the dashboard, intuitive graphical views represent our network activity and alarming hosts. The concern index is essentially a measure of repetition. In the Cisco StealthWatch Recon category, hosts trigger this alarm if they perform unauthorized TCP or UDP scans against hosts in the network. That can be an early indicator that someone is gathering intel about the network.
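To make the Recon idea concrete, the following added example (not Cisco code and not Stealthwatch's actual concern index) scores each source by how many distinct targets it probed in a set of flow records, and exempts approved scanners. The `Flow` fields, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    """Assumed minimal subset of the fields a flow record carries."""
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int
    packets: int  # packets seen in the flow

def recon_scores(flows, max_probe_packets=3):
    """Count distinct (dst, proto, dport) targets each source probed.

    A flow is treated as a probe when it carried very few packets, which is
    what an unanswered or refused connection attempt looks like in flow data.
    Re-probing the same target counts once, so the score measures breadth.
    """
    targets = defaultdict(set)
    for f in flows:
        if f.proto in ("tcp", "udp") and f.packets <= max_probe_packets:
            targets[f.src].add((f.dst, f.proto, f.dport))
    return {src: len(seen) for src, seen in targets.items()}

def recon_alarms(flows, threshold=20, allowed_scanners=frozenset()):
    """Sources at or above the threshold that are not authorized to scan."""
    scores = recon_scores(flows)
    return sorted(src for src, score in scores.items()
                  if score >= threshold and src not in allowed_scanners)

def sample_flows():
    """Constructed sample data, not real telemetry."""
    flows = [
        Flow("10.0.0.5", "10.0.1.10", "tcp", 443, 42),  # normal web session
        Flow("10.0.0.5", "10.0.1.11", "tcp", 443, 2),   # one failed connection
        Flow("10.0.0.6", "10.0.1.53", "udp", 53, 2),    # DNS lookup
    ]
    # 10.0.0.99 sweeps one port across 30 hosts, one tiny flow per host.
    flows += [Flow("10.0.0.99", f"10.0.1.{i}", "tcp", 445, 1) for i in range(1, 31)]
    # 10.0.0.20 is an approved vulnerability scanner with the same pattern.
    flows += [Flow("10.0.0.20", f"10.0.1.{i}", "tcp", 22, 1) for i in range(1, 31)]
    return flows

if __name__ == "__main__":
    flows = sample_flows()
    print(recon_scores(flows))
    print(recon_alarms(flows, allowed_scanners={"10.0.0.20"}))
```

The allow-list matters in practice: without it, authorized vulnerability scanners raise the same alarm as an unknown host sweeping the network.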

Cisco Cognitive Threat Analytics

Cognitive Threat Analytics uses Cisco's cloud-based machine learning engine to automatically identify suspicious or malicious web traffic. Cisco Cognitive Intelligence automatically analyzes over 10 billion web requests every day, so it can create a baseline of normal activity on your network and use that analytical data to identify any traffic anomalies.

Cisco Stealthwatch Flow Collection Trend

Stealthwatch leverages network telemetry using NetFlow data, and this feature gives you a quick look at the flows per second detected within the last 24 hours of operation. This lets you see spikes in your traffic at a high level.

Cisco StealthWatch Integration

Integrating StealthWatch with Cisco Identity Services allows for Adaptive Network Control (ANC). This feature allows you to perform actions such as shutting down a host or quarantining it from the network. We can also use the top Monitor menu to look at specific hosts, host groups, users or interfaces.

This shows a list of all hosts by default, which we can filter more specifically. We can see the overall concern index for any particular host, as well as the alarm categories that we saw on the main dashboard. Under the Analyze menu, we can also perform flow searches or host searches and see any saved searches or results.