Cisco Stealthwatch for Security Operations (SSO)


Course Description

Cisco Stealthwatch for Security Operations is a virtual Instructor-led, lab-based, handson course. This course focuses on the proper use of host groups, policies and alarm configuration and the three phases of the Cisco Stealthwatch tuning process. Cisco Stealthwatch for Security Operations is a lab intensive course that focuses on those who are responsible for using Stealthwatch for monitoring security policy, providing feedback on the configuration, updating and operation of security tools and initiating incident response investigations.


All students have completed the following (minimum) prerequisites. These prerequisites are available as eLearning courses found in the Cisco Stealthwatch Customer Training Center (LMS) available through the Stealthwatch Customer Community:
  • Flow Basics
  • Cisco Stealthwatch Overview and Components
  • Cisco Stealthwatch SMC Client Interface Overview
  • Cisco Stealthwatch Web App Overview

Who Should Attend

This course is focuses on new users of Cisco Stealthwatch. This course is intended for customers whose role is to use the Cisco Stealthwatch System for security operations and security monitoring.

Learning Objectives

  • Explain what Cisco Stealthwatch is and how it works
  • Explain how hosts and host groups are defined in Cisco Stealthwatch
  • Define basic concepts of policy management
  • Identify the three phases of the Cisco Stealthwatch tuning process
  • Complete workflows to identify indicators of compromise in your network


1: Discover and Classify Public IP Addresses
2: Policy and Using By Function Host Groups
3: Classify and Quiet Specific Hosts
4: Maps
5: Host Locking
6: Incident Response
7: Exploring an Advanced Map
8: Copyright Infringement
9: Insider Threats
10: Analysis of an Attack

Course Info

Length: 2 day
Format: Lecture and Lab
Delivery Method: Virtual / Onsite
Max. Capacity: 16

Contact Us


SSO Data Sheet 20190220.pdf