Cisco Stealthwatch Tuning Training (SWAT)
|Commitment||2 days, 7-8 hours a day.|
|How To Pass||Pass all graded assignments to complete the course.|
|User Ratings||Average User Rating 4.8 See what learners said|
|Delivery Options||Instructor-Led Onsite, Online, and Classroom Live|
Cisco Stealthwatch Tuning Training (SWAT) Course – Hands-on
Cisco Stealthwatch Tuning Training (SWAT) is a 2-day instructor-led, lab-based, hands-on course offered by the Cisco Stealthwatch Learning Services team. A strong understanding of the Stealthwatch tuning process is crucial for gaining visibility across your enterprise and detecting actionable threats. This two-day course covers all essential aspects of the tuning process, including tuning best practices, which will optimize the Stealthwatch System.
Cisco Stealthwatch Tuning Training (SWAT) Course – Customize it
- We can adapt this training course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this training course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the training around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the training course in manner understandable to lay audiences.
Cisco Stealthwatch Tuning Training (SWAT) Course – Audience/Target Group
- This course is intended for individuals who are responsible for tuning the Stealthwatch System, creating and maintaining policies, monitoring traffic, and obtaining and responding to actionable alarms.
Cisco Stealthwatch Tuning Training (SWAT) Course – Class Prerequisites
The knowledge and skills that a learner must have before attending this training course are:
- Cisco Stealthwatch for Security Operations
- Cisco Stealthwatch for Network Operations
Cisco Stealthwatch Tuning Training (SWAT) Course – Objectives:
Upon completing this training course, learners will be able to meet these objectives:
- Create summary views of all alarms in the system.
- Explain how summary views can help prioritize the tuning strategy.
- Develop tuning recommendations based on security events and alarm summary.
- Identify workflows for tuning specific security events.
- Test tuning strategies and recommendations.
Cisco Stealthwatch Tuning Training (SWAT) – Course Content
Module 1: Introduction
- Cisco Stealthwatch Tuning Course Overview
- The Purpose of Tuning
- Understanding Security Events and Alarms
- Defining Stealthwatch Policies
Module 2: Classify the Stealthwatch System
- Classify the System
- Lab: Classify Public and Private IP Addresses
- Lab: Trusted Internet Hosts
- Lab: Classify Undefined Services and Applications
Module 3: Quiet Noisy Hosts
- Quiet Noisy Hosts
- Lab: Classify Network Scanners with the SMC Web UI
- Lab: Reclassify IPs to Reduce Noise
Module 4: Posture the Stealthwatch System
- Posture the System
- Lab: Edit Role Policy
- Host Locks and Custom Security Events
- Lab: Host Locks and Custom Security Events
- Response Management
- Tiered Alarms
- Lab: Create a Dashboard
Module: Summary and Course Wrap-up
- Culminating Scenario: Tuning
- Tuning Best Practices in Stealthwatch
- Cisco Stealthwatch Tuning Course Outcomes
- Course Conclusion