Cisco StealthWatch Integration with Splunk
The StealthWatch system uses NetFlow, IPFIX, and other types of network data collection methods to detect a wide range of attacks from various threats, including APTs, DDoS, zero-day malware, and insider threats.
A licensed Cisco StealthWatch deployment greatly increases the ability to defend against threats by providing detailed network visibility and security analysis. It helps you to know every host, capture any traffic and respond quickly to threats. Cisco Stealthwatch applies machine learning and statistical modeling to data collected from the network, including the data center, branch offices, endpoints and cloud resources.
Cisco Stealthwatch collects data from every part of the network and applies advanced security analytics to it. It establishes a baseline of normal web and network activity for each host and applies analytics to automatically detect anomalous behavior. Stealthwatch can detect a wide range of attacks, including malware, zero-day attacks, distributed denial-of-service (DDoS) attempts, advanced persistent threats (APT), and insider threats.
Stealthwatch is also integrated with a cloud-based threat detection and analysis system. Through it, Stealthwatch applies supervised machine learning to learn from what it sees and adapt to changing network behavior over time.
As a result, the licensed Cisco Stealthwatch can draw on more contextual information to identify and prioritize new and emerging threats across the wider network. Advanced security analytics give you deep visibility into both web and network traffic, which lets you identify and prioritize emerging threats across the extended network. You can detect threats that have bypassed existing security controls and identify the extent of data leakage through legitimate cloud services.
Splunk is software that collects and displays the data sent by all applications, servers and devices that make up the network. It is a powerful search and analysis engine used in organizations and companies. With this software and its licenses, network administrators can monitor, troubleshoot, alert and report on data transmitted over the network in real time. Splunk is also very flexible in terms of scalability and can be used by a company or organization of any size. A licensed Splunk deployment can be used to solve minor problems, or it can serve as the main pillar of analysis for a large organization.
Integration of Cisco StealthWatch and Splunk
To integrate these two licensed applications, you can use the Cisco Secure Network Analytics (SNA) application for Splunk. It provides a variety of Splunk dashboards designed to interface with SNA to facilitate an incident investigation and response workflow. Most dashboard queries call the SNA API and render data on demand; because data is retrieved this way rather than indexed, the app does not count against the usage limits of your Splunk license.
Cisco SNA Application for Splunk Enterprise
The Cisco Secure Network Analytics (SNA) application provides a comprehensive set of Splunk dashboards designed to interact with Cisco SNA to facilitate an incident investigation and response workflow. Most dashboard queries use the StealthWatch API and present data as needed, so the app does not affect the usage limits of your Splunk license.
The Splunk Dashboards include:
- Flows Dashboard
- Alarms Dashboard
- User Report Dashboard
- Top Reports Dashboard
- Host Snapshot Dashboard
- Security Events Dashboard
- Top Alarming Hosts Dashboard
The app uses your custom SNA configuration data to dynamically filter results in Splunk, similar to querying directly in the SMC. Filter results by:
- IP Addresses/Ranges
- Host Groups
- And more…
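The IP-range and host-group filtering described above is easy to reason about in code. The following is an added, self-contained example written for this page; it is not code from the Cisco SNA app or from Splunk. It assumes that host groups are expressed as sets of CIDR ranges (as they are when defined in the SMC), and all flow records and group definitions in it are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real SNA output); the fields loosely
# mirror a NetFlow-style record: source, destination, destination port, bytes.
FLOWS = [
    {"src": "10.1.1.10",   "dst": "8.8.8.8",      "dport": 53,  "bytes": 120},
    {"src": "10.1.2.20",   "dst": "203.0.113.5",  "dport": 443, "bytes": 5_000_000},
    {"src": "192.168.5.7", "dst": "10.1.1.10",    "dport": 22,  "bytes": 800},
    {"src": "172.16.0.9",  "dst": "198.51.100.2", "dport": 445, "bytes": 40_000},
]

# Constructed host-group definitions: group name -> list of CIDR ranges.
# Assumption: a host group is a set of CIDRs, as when defined in the SMC.
HOST_GROUPS = {
    "Servers":      ["10.1.1.0/24"],
    "Workstations": ["10.1.2.0/24", "192.168.5.0/24"],
}


def _networks_for(ip_ranges, host_groups, groups):
    """Expand explicit IP ranges plus named host groups into network objects.

    Single addresses such as "10.1.1.10" are accepted and treated as /32.
    An unknown host-group name raises KeyError so a typo is not silently
    turned into an empty (and therefore misleading) result.
    """
    cidrs = list(ip_ranges)
    for name in host_groups:
        cidrs.extend(groups[name])
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def filter_flows(flows, ip_ranges=(), host_groups=(), groups=HOST_GROUPS):
    """Keep flows whose source or destination falls in any selected range.

    With no ranges and no host groups selected, all flows are returned,
    matching an unfiltered dashboard view.
    """
    networks = _networks_for(ip_ranges, host_groups, groups)
    if not networks:
        return list(flows)

    def matches(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in networks)

    return [f for f in flows if matches(f["src"]) or matches(f["dst"])]


def bytes_by_source(flows):
    """Total bytes per source address; a simple 'top talkers' view that an
    investigator can use to spot a host moving an unusual volume of data."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return dict(totals)


if __name__ == "__main__":
    # Investigate only traffic touching the Servers host group.
    server_flows = filter_flows(FLOWS, host_groups=["Servers"])
    for f in server_flows:
        print(f)
    # Largest sender across all flows.
    talkers = bytes_by_source(FLOWS)
    print("top talker:", max(talkers, key=talkers.get))
```

Filtering on both source and destination mirrors how a host-group filter in the SMC shows every conversation a group member took part in, not only those it initiated; the `bytes_by_source` view is the kind of aggregate a Top Reports or Top Alarming Hosts dashboard would present.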
Intelligent drill-down features are enabled throughout the app: more details about a specific host are just a click away. API functions are also available for use with Splunk's free-form lookups.
Supported versions:
- Splunk Enterprise Versions 8.0+
- Cisco Secure Network Analytics (SNA) Versions 7.0+