Use Case Workshop: SIEM Integration with Cisco Stealthwatch (UCWSIEM)


Course Overview

Use Case Workshops are hands-on, instructor-led courses focused on specific use case outcomes in Cisco Stealthwatch Enterprise. The workshops are designed to help you quickly identify and investigate common threats and to provide effective workflows so that you can fully understand Stealthwatch capabilities. In this workshop, you will work through a series of activities that focus on using Cisco Stealthwatch Enterprise to determine whether your network policies are configured correctly and being enforced.

Who should attend

This course is intended for individuals who are responsible for using Stealthwatch to monitor security policy, provide feedback on the configuration, and initiate incident response investigations.


To complete this workshop, the following components must be installed and configured on your network:

  • Stealthwatch Release 7.0 or later
  • Stealthwatch Flow Collector
  • Integration with Firewall
  • Integration with Proxy/Nat Device
  • Integration with Proxy/Nat Device

Course Objectives

After taking this course you should be able to

  • Describe the advantages of integrating Stealthwatch with a SIEM.
  • View SIEM data in Stealthwatch by creating a SIEM external lookup option.
  • Configure the Splunk SIEM to accept Stealthwatch syslog entries through the Response Management feature.
  • Explore a Stealthwatch API integration with Splunk.

Prices & Delivery methods

Online Training

1 day

Classroom Training

1 day

Price (excl. tax)
  • Germany: US$ 500.—

Currently there are no training dates scheduled for this course.