Cisco Stealthwatch is the most comprehensive network traffic security, visibility, and analytics solution, using enterprise telemetry from the existing network infrastructure. Using multilayer machine learning and entity modeling, it provides:
- advanced threat detection
- accelerated threat response
- simplified network segmentation
Cisco Stealthwatch has recently received some great updates, and DevNet is at the ready to bring you new Learning Labs to help you get started. With advanced behavioral analytics, you’ll always know who is on your network and what they are doing.
Register now to attend the webinar on October 6, 8AM PDT.
It’s an easy way for you to learn about the new updates and learning labs.
New Stealthwatch Cloud Learning Module
In the new Stealthwatch Cloud Learning Module, we highlight capabilities around detection and response. You can now add value to the Security Operations Team by automating all the mundane tasks of
- alert response
- event triage
- data gathering
- threat investigation
The lab begins by using a Python script to poll the Stealthwatch Cloud API for any new alerts. Once a new alert is detected, a workflow kicks off that compiles all the alert data and stores it in an array. Now that you have a list of all the alerts, you can dive deeper into alert observations.
The lab focuses on two alert types – Inbound Port Scanner and Excessive Access Attempts. In reality, you can focus on any alert type that is meaningful to you or your organization. You simply gather all the observations associated with these alerts and create a Webex Teams message that provides:
- alert type
- alert ID
- attacker and target observables
- time of the attack
- a redirect URL that takes you directly into the Stealthwatch Cloud alert details
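The workflow described above, as an added sketch that is not the lab's own code: it filters one poll result down to unseen alerts of the two types, collapses their observations into attacker and target lists, and builds the message text. The record field names, the sample alerts and the portal URL are constructed assumptions, not the Stealthwatch Cloud API schema, and the API call and the Webex Teams post are left out so the example runs offline.

```python
# Constructed sample poll result; field names are assumptions for illustration.
SAMPLE_ALERTS = [
    {"id": 101, "type": "Inbound Port Scanner", "time": "2020-09-30T14:02:11Z",
     "observations": [{"attacker": "203.0.113.7", "target": "10.0.4.15"},
                      {"attacker": "203.0.113.7", "target": "10.0.4.16"}]},
    {"id": 102, "type": "Excessive Access Attempts", "time": "2020-09-30T14:10:45Z",
     "observations": [{"attacker": "198.51.100.23", "target": "10.0.9.2"}]},
    {"id": 103, "type": "Unwatched Alert Type", "time": "2020-09-30T14:12:00Z",
     "observations": []},
]

WATCHED_TYPES = {"Inbound Port Scanner", "Excessive Access Attempts"}
# Placeholder link format, not the real portal path.
ALERT_URL_TEMPLATE = "https://portal.example.invalid/alerts/{alert_id}"


def new_alerts(polled, seen_ids):
    """Return watched alerts not handled by an earlier poll and record their IDs."""
    fresh = [a for a in polled
             if a["type"] in WATCHED_TYPES and a["id"] not in seen_ids]
    seen_ids.update(a["id"] for a in fresh)
    return fresh


def observables(alert):
    """Collapse an alert's observations into unique attacker and target lists."""
    attackers = sorted({o["attacker"] for o in alert["observations"]})
    targets = sorted({o["target"] for o in alert["observations"]})
    return attackers, targets


def build_message(alert):
    """Build the chat message body carrying the five items listed above."""
    attackers, targets = observables(alert)
    return "\n".join([
        f"**Alert type:** {alert['type']}",
        f"**Alert ID:** {alert['id']}",
        f"**Attacker:** {', '.join(attackers)}",
        f"**Target:** {', '.join(targets)}",
        f"**Time:** {alert['time']}",
        f"**Details:** {ALERT_URL_TEMPLATE.format(alert_id=alert['id'])}",
    ])


if __name__ == "__main__":
    seen = set()  # persists across polls so each alert is reported once
    for alert in new_alerts(SAMPLE_ALERTS, seen):
        print(build_message(alert), end="\n\n")
```

Keeping the set of seen alert IDs between polls is what stops the same alert from being posted to the room on every polling cycle.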
For the latest info on Stealthwatch Enterprise, please join the upcoming webinar!
Want to learn more and can’t wait for the webinar?
Check out the new learning modules:
This webinar is part of a bigger webinar series as described in this blog post.
Are you preparing to become a Cisco Certified DevNet Security Specialist? Then you are in luck: following this webinar series can be a perfect foundation for your studying efforts. In just a few months, we will walk you through all the Security APIs that Cisco has to offer!
Security Automation and Orchestration Webinar Series
- Sept 1, 8AM PDT – Overview of the Security APIs
- Sept 22, 8AM PDT – Firepower Threat Defense APIs
- October 6, 8AM PDT – Cisco Stealthwatch Enterprise and Cloud APIs
- October 27, 8AM PDT – Application First Security
- More to come!
Got questions or comments? Please leave me a note in the Comments section below.
- Visit the DevNet Security Dev Center
- Learn about Cisco Application-First security
- Learn about the DevNet Specialist certification for security automation and programmability