Detailed Course Outline
Day 1
Module 1: Network Telemetry
- The Need for Network Telemetry
- NetFlow Fundamentals
- NetFlow Security Event Logging (NSEL)
- Cisco StealthWatch Solution Overview
Module 2: Architecture and Components of Cisco StealthWatch
- StealthWatch Architecture
- Required Components and Licenses
- Flow Collector
- StealthWatch Management Console (SMC)
- Flow License
- Optional Components and Licenses
- Flow Sensor
- UDP Director
- Threat Intelligence License
- Proxy License
- Identity Integration
- Cloud License
- Endpoint Concentrator
- Learning Network License
- Security Packet Analyzer
Module 3: Design Guidance
- Sizing the Solution
- StealthWatch High Availability Design
- Enterprise Tree and Host Groups
Module 4: Detecting Threats
- Anomaly Detection Model
- Security Events
- Alarm Categories
- Threat Hunting
- Incident Response
- Documentation
Day 2
StealthWatch Solution Labs
- Lab 1: The WebUI
- Lab 2: The Swing Client
- Lab 3: Inspecting Host Group setup
- Lab 4: Performing Flow Queries
- Lab 5: Using Documents
- Lab 6: Confirming the parameters of a rule/policy
- Lab 7: Investigating an Alarm
- Lab 8: Copyright Infringement Event
- Lab 9: Verify Cisco TrustSec Implementation
- Lab 10: Malware Investigation
- Lab 11: Investigating Proxy Connections
- Lab 12: Insider Threat Detection
- Lab 13: Building an audit trail