Cisco Stealthwatch Use Case Workshop:
Are There Rogue Hosts In My Network? (UCWRH)

Improve your security defenses, add actionable security intelligence, and increase your network visibility with Cisco Stealthwatch workshops.

Use Case Workshops are hands-on, instructor-led courses focused on specific use case outcomes in Cisco Stealthwatch Enterprise. The workshops are designed to help you quickly identify and investigate common threats and to provide effective workflows so that you can fully understand Stealthwatch capabilities.

In this workshop, you will work through a series of use cases that focus on detecting rogue hosts on your network.This workshop is intended to be interactive and engaging. You are encouraged to ask questions, respond to questions, and share best practices and ideas.

Duration: 3 Hours
Price: $500

After taking this course you should be able to:

  • Adjust policy to create alarms for Brute Force Login.
  • Identify indicators of suspicious activities using the Host Report.
  • Create a custom flow search to identify disallowed DHCP servers.
  • And much more

To complete this workshop, the following components must be installed and configured on your network:

  • Stealthwatch Management Console Version 7.0 or later
  • Stealthwatch Flow Collector

Who Should Attend:
This course is intended for individuals who are responsible for using Stealthwatch to monitor security policy.


  • Validate network configuration of Cisco Stealthwatch appliances.
  • Set base SMC configuration values.
  • Use SMC documents and reports to determine if exporters are set up properly.
  • Use SMC documents and reports, to determine IP addresses that belong to your organization.
  • Place hosts into appropriate host groups.
  • Define services and applications.
  • Add Stealthwatch users with specific roles.
  • Create custom documents.
  • Establish response management rules, triggers, and actions.
[caldera_form id="CF5f08b2a0df058"]