Cisco Stealthwatch Tuning (SWAT) – Outline

Detailed Course Outline

Day One

  • Course Introduction
  • Cisco Stealthwatch Tuning Course Overview
  • The Purpose of Tuning
  • Understanding Security Events and Alarms
  • Defining Stealthwatch Policies
  • Lunch
  • Classify the System
    • Lab: Classify Public and Private IP Addresses
    • Lab: Trusted Internet Hosts
    • Lab: Classify Undefined Services and Applications
  • Quiet Noisy Hosts
    • Lab: Classify Network Scanners with the SMC Web UI
    • Lab: Reclassify IPs to Reduce Noise

Day Two

  • Day One Review
  • Posture the System
    • Lab: Edit Role Policy
  • Host Locks and Custom Security Events
    • Lab: Host Locks and Custom Security Events
  • Lunch
  • Response Management
  • Tiered Alarms
    • Lab: Create a Dashboard
  • Culminating Scenario: Tuning
  • Tuning Best Practices in Stealthwatch
  • Cisco Stealthwatch Tuning Course Outcomes
  • Course Conclusion