Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network.
The Stealthwatch for Field Engineers (SWFE) v1.0 course will help you understand Cisco Stealthwatch architecture, deployment, configuration, and alarm best practices. This is hands-on, lab-intensive training as we spend at least half of the time alloted to the class in the labs.


After finishing this course, you will be able to:
  • Provide an overview of Netflow protocol and show the basic Netflow configuration on Cisco platforms
  • Provide an overview of Stealthwatch architecture and components
  • Guide you through the installation process of different Stealthwatch appliances
  • Provide an overview of Web and Java GUI on Stealthwatch Management Console
  • Show you how to perform basic classificaton of host groups
  • Explain basics of Stealthwatch alarm model
  • Explain Stealthwatch policies and basic tuning procedures
  • Show you how to backup and upgrade Stealthwatch appliances


The course consists of the following lessons and labs:
Day 1
  • Intro
  • Stealthwatch Overview
  • NetFlow Review
  • Stealthwatch Architecture Required Components
  • Stealthwatch Architecture Optional Components
  • Stealthwatch Installation Prerequisite Data Gathering and Planning
  • Stealthwatch Appliance Installation
  • License Planning and Review
  • Prerequisites Completed: Field Engineer Onsite Arrival
  • Appliance Configuration
  • Stealthwatch: Interface Review
  • SMC Customization
  • Exporter NetFlow Validation
  • Stealthwatch Data Organization: Domains and Host Groups
  • Course Installation Training Scenario
  • dCloud Session Lab and Access Instructions
  • Lab Scenarios:
    • Scenario 1: Appliance Setup Tool (All Day 1 Appliances)
    • Scenario 2: Stealthwatch System Setup Tool (SMC)
    • Scenario 3: Appliance Post-Install Configuration & Verification
    • Scenario 4: SMC Interface Configuration
    • Scenario 5: Verify Flow Data
    • Scenario 6: Change Appliance Administrative Account Passwords
    • Scenario 7: Configure Host Groups
    • Scenario 8: Stealthwatch User & Role Management
Day 2
  • Optimizing Stealthwatch Configuration
  • Understanding the Stealthwatch Alarm Model
  • Policy and Tuning
  • Viewing and Tuning Stealthwatch Alarms
  • Operationalizing Stealthwatch
  • Customizing Documents
  • Additional Stealthwatch Appliance Configuration Settings
  • Stealthwatch Upgrades and Patches
  • Lab Scenarios
    • Scenario 9: Classification of Customer Environment
    • Scenario 10: Response Management
    • Scenario 11: Configure Appliance SNMP Agent
    • Scenario 12: Determine FC Estimated Storage Capacity
    • Scenario 13: Create Configuration Backups
    • Scenario 14: Stealthwatch Upgrade – Appliance Admin Page

Prerequisite Knowledge

Student is familiar with Stealthwatch and has completed the prerequisite training material.