Cisco Stealthwatch Security (SSO)
Description
Cisco Stealthwatch Security (SSO) v7.1 is a 2-day instructor-led or virtual instructor-led course that focuses on using Cisco Stealthwatch Enterprise from the perspective of a security analyst. The overarching goal of the course is to use Stealthwatch to investigate potential security issues and make an initial determination of whether to proceed with a more thorough investigation or to move on to the next potential threat.
Important note: This course is available only to qualified Cisco Stealthwatch customers.
This course will help you:
- Develop workflows for security investigations.
- Understand how events and alarms are produced in the system.
Training Availability and Pricing
Date: /
Language: /
Location: /
Price: 3000 $
Objectives
After taking this course, you should be able to:
- Describe how the Stealthwatch System provides network visibility through monitoring and detection.
- Describe the goals of using Stealthwatch in the proactive and operational modes.
- Define basic concepts of investigation and detection of potential security issues using the Stealthwatch System.
- Complete workflows to identify indicators of compromise in your network.
- Describe alarm types and alarm notification within Stealthwatch.
- Explain the utility of maps in the Stealthwatch System.
- Describe how the Stealthwatch System contributes to successful incident handling.
Outline
The course contains the following components:
- Day One
  - Course Introduction
  - Cisco Stealthwatch Security Course Overview
  - Introduction to Security
  - Using Stealthwatch in the Proactive Mode
  - Pattern Recognition
  - Investigation and Detection Using Stealthwatch
  - Lab: Using Top Reports and Flow Tables for Detection
  - Lab: Creating and Using Dashboards for Detection
  - Lab: Creating Custom Security Events
  - Lab: Proactive Investigation Practice
- Day Two
  - Day One Review
  - Using Stealthwatch in the Operational Mode
  - Alarms and Alarm Response
  - Maps
  - Lab: Responding to Alarms
  - Lab: Using Maps for Incident Response
  - Host Identification
  - Lab: Identify Hosts Using Host Snapshot and Host Report
  - Culminating Scenario: Using Stealthwatch for Insider Threats
  - Security Best Practices in Stealthwatch
  - Cisco Stealthwatch Security Course Outcomes
  - Course Conclusion
Prerequisite Knowledge
It is strongly recommended to complete the Stealthwatch Foundations training prior to taking this course.