Comments
ian.norton
Community Member

I have some ideas to build off of these. Take cryptomining, for example: I had asked Cisco to add the Stratum protocol to be able to filter by; this would be much more effective than trying to trigger off known IPs, known signatures, or even common Stratum ports.

jovitale
Cisco Employee

Hello Ian,

We very much appreciate your feedback. Stratum protocol detection is scheduled to be added to a Stealthwatch release later this year. Again, thank you for your comment, and if you have any questions or comments, please do not hesitate to contact us.

BubbaFromGA
Cisco Employee

Good stuff John! It is nice to have this material on Cisco communities. I'm definitely interested in better ability to detect crypto mining. Let me know if I can help test.

IvanEspinoza754
Level 1

Hello,

What are the most common security events that you use in Custom event?

Thanks for your answer.

Ivan E.

jamegill
Cisco Employee

Hi @IvanEspinoza754 

There are a few good default Custom Security Events documented here. I find that the most important part of building solid Custom events is having solid host groups, and the Host Classifier App is a good way to get going with that.

Let me know what you think

--jg

DaveLarkin17691
Level 1

I am looking for some general guidance on a top 20 use cases as a starting point and planning strategy. I understand that these are all company specific lists, but hoping there are some of these use cases that are important for all to utilize in some fashion. This is just for thought and ideas to share based on this community's experiences. Thanks and appreciate any info.

salshei
Cisco Employee

Hi Dave Larkin,

Try this link for categorized use cases:

http://cs.co/StealthwatchValueUseCaseMenu

or

https://cisco.bravais.com/s/lnmF3Eowwg51t7Rj9DtD

Some of the most commonly used use cases are alerting on rogue/unapproved DNS & DHCP servers.

Ed Long
Level 1

Wondering if the host classifier app will be supported any time soon in SNA Datastore mode?
