The Stealthwatch Pre Sales Training (SWSE) v1.0 course is designed for System Engineers (SEs) who can go to a customer's site and conduct a proof of value (POV) engagement. The SEs will take the data gathered from the POV and place it into a Visibility Assessment template to give to the customer as a formal report. The Visibility Assessment supports the Network as a Sensor message and has been created to help simplify the Stealthwatch System so it meets the customer's requirements.

The course is about understanding the reports inside of the Visibility Assessment and how to gather the data to use in the report. The Assessment will produce the session data from the customer's environment. The SE will use this data to create specific use cases that reinforce the 'win' criteria. It is the responsibility of the SE to identify the strongest examples that should be used to help sell the value of Stealthwatch. To be eligible to take the Visibility Assessment Boot Camp course, each participant must have certain requisite knowledge and a basic understanding of Stealthwatch in order to be able to complete the tasks required for the POV.


After finishing this course, you will be able to:
  • Use the Visibility Assessment model to help simplify the POV process
  • Provide an overview of the customer's internal monitored network
  • Identify traffic to suspect countries
  • Perform an analysis of unauthorized DNS activities
  • Identify users bypassing authorized proxy servers
  • Perform an analysis of unauthorized SMB activities
  • Perform a behavioral analysis of users and hosts on the network
  • Identify remote access breaches
  • Identify suspected traffic due to Telnet activity


The SWSE v1.0 course contains the following components:
  • Intro & overview of course goals and objectives
  • dCloud Lab Setup & Getting Familiar with dataset and components
  • Presentation of TDM deck - Using Sales Connect as place to download
  • Live Demonstration
  • Demo Strategies and which demo systems to use for customer demos
  • Review Completed Visibility Assessment and simple strategy to sell value to customers
  • Core Architecture Review & Sizing
  • Deploying a POV from scratch/ESX
  • OV & Assessment Success Stories - share stories and examples.
  • Simulated customer call: Overview of monitored network
  • Simulated customer call: Classifying internal network and looking for existing scanners
  • Customer Success Model, Integrations, and Available Integration Services
  • Simulated customer call: Classifying Assets to optimize detection
  • Simulated customer call: Identifying Rogue DNS traffic and risks.
  • Security Detection Model
  • Six-phased approach to tuning
  • Simulated customer call: Summarizing Security Events to identify top threats.
  • Simulated customer call: Protocol Analysis & Suspect Country Traffic
  • Extended Architecture: Packet Analyzer, Stealthwatch Learning Networks, Cloud License, Proxy License, Endpoint
  • Building a bill of materials and best practice design
  • Licensing Overview & Requesting NFR/LAB Software

Lab outline:
  • Working with the Assessment Configuration Template
  • Working with the “00-Top Internal Scanning Hosts” Report
  • Assessing the Visibility Of The Internal Monitored Network Report
  • Analyzing Outside To Outside Hosts And Communication
  • Server Classification
  • DNS Risk Analysis
  • Proxy Violation Analysis
  • SMB Risk Analysis
  • Alarms Over The Last 14 Days Analysis
  • Remote Access Breach Analysis
  • Telnet Risk Analysis
  • Traffic From Suspect Countries

Prerequisite Knowledge

Prerequisite knowledge and a basic understanding of Stealthwatch.