Transcription of Stealthwatch System Configuration Guide v7.3 - Cisco
1 Cisco StealthwatchSystem Configuration Guide Table of ContentsIntroduction6 Overview6 Audience6 Terminology6 Abbreviations6 Before You Begin8 Installation Requirements8 Hardware8 Virtual Edition (VE) Appliances8 Configuration Details9 downloading Software9 Licensing9 TLS9 Third Party Applications9 Browsers9 Host Name10 Domain Name10 NTP Server10 Time Zone101. Configuring Stealthwatch11 Preparation11 Stealthwatch with a Data Store11 Appliance Setup Tool Requirements11 Managed11 SMC Failover12 Best Practices12 Appliance Configuration Order131. Log In15 2021 CiscoSystems, Configure the Appliance163. Register the Stealthwatch Management Console204. Add Appliances to Central Management215. Confirm Appliance Status232. Finishing Appliance Configurations25 UDP Director27 Configuring Forwarding Rules27 Configuring High Availability28 Primary Node and Secondary Node29 Requirements291.
2 Configure the Primary UDP Director HA292. Configure the Secondary UDP Director HA31 Flow Sensor321. Configure the Application ID and Payload322. Configure the Flow Sensor to Identify Applications (optional)353. Restart the Appliance363. installing the Stealthwatch Desktop Client37 Install the Desktop Client Using Windows37 Change the Memory Size38 Install the Desktop Client Using macOS39 Change the Memory Size404. Verifying Communications41 Verify NetFlow Data Collection415. Licensing44 Evaluation Mode44 Defining an SMC Failover Relationship45 Configuring Failover45 Primary and Secondary Roles45 Enabling the Threat Intelligence Feed47 License47 2021 CiscoSystems, Alarms and Security Events47 Configuring SAML SSO49 Support Details491.
3 Prepare for Configuration492. Upload Certificates to the Trust Store503. Configure the Service Provider504. Enable SSO525. Configure the Identity Provider526. Add an SSO User537. Test SAML Login53 Troubleshooting54 Getting Started with Stealthwatch55 Overview55 Managing Your Environment55 Investigating Behavior55 Responding To Threats55 Central Management57 Central Management and Appliance Administration Interface57 Opening Central Management58 Opening Appliance Admin58 Opening Appliance Admin through Central Management58 Opening Appliance Admin through Direct Login58 Editing Appliance Configuration59 Viewing Appliance Statistics60 Removing an Appliance from Central Management60 Adding an Appliance to Central Management61 Enable/Disable SSH62 Open SSH62 Enable SSH63 2021 CiscoSystems.
4 SSH63 Troubleshooting64 Config Channel Down64 Opening Appliance Administration Interface64 Replacing the Appliance Identity65 Changing the Host Name, Domain Name, or IP Address65 Opening the Appliance Setup Tool65 System Configuration Overview66 Changing the Trusted Hosts66 Resetting Factory Defaults67 RFD of a Flow Collector (Special Instructions)68 Enabling/Disabling Admin Users68 Enabling or Disabling Password Reset68 Resetting Passwords to Default Settings69 Resetting the Admin Password on the SMC69 Resetting Admin, Root, Sysadmin Passwords to Default69 Changing Passwords71 Changing the Sysadmin Password72 Changing the Root Password72 Changing the Admin Password on the SMC72 Changing the Admin Password on All Other Appliances72 installing Patches and updating Software74 Contacting Support75 2021 CiscoSystems, this Guide to configure the following Cisco Stealthwatch Enterprise hardware and Virtual Edition (VE) appliances to one managed System in.
5 LStealthwatch Management Console (SMC) lStealthwatch Flow Collector lStealthwatch Data Node lStealthwatch Flow Sensor lStealthwatch UDP DirectorFor more information about Stealthwatch , refer to the following online resources: lOverview: lAppliances: lRelease Notes: For details, refer to the Release intended audience for this Guide includes network administrators and other personnel who are responsible for installing and configuring Stealthwatch products. If you are configuring virtual appliances, we assume you have basic familiarity with VMware or KVM. If you prefer to work with a professional installer, please contact your local Cisco Partner or Cisco Stealthwatch Support. TerminologyThis Guide uses the term appliance for any Stealthwatch product, including virtual products such as the Stealthwatch Flow Sensor Virtual Edition (VE).
6 A "cluster" is your group of Stealthwatch appliances that are managed by the Stealthwatch Management Console (SMC).AbbreviationsThe following abbreviations may appear in this Guide : 2021 CiscoSystems, Name System (Service or Server)dvPortDistributed Virtual PortESXE nterprise Server XGBG igabyteIDSI ntrusion detection SystemIPSI ntrusion Prevention SystemISOI nternational Standards OrganizationITInformation TechnologyKVMK ernel-based Virtual MachineMTUM aximum Transmission UnitNTPN etwork Time ProtocolOVFOpen Virtualization FormatSMCS tealthwatch Management ConsoleTBTerabyteUUIDU niversally Unique IdentifierVDSvNetwork Distributed SwitchVEVirtual EditionVLANV irtual Local Area NetworkVMVirtual Machine 2021 CiscoSystems, You BeginBefore you begin the Configuration process, review this Guide to understand the process as well as the preparation, time.
7 And resources you'll need to plan for the RequirementsBefore you configure Stealthwatch using this Guide , install your hardware and virtual appliances using the following guides: Hardware lHardware Installation: Install your appliance hardware (physical appliances) using the Stealthwatch x2xx Series Hardware Installation Guide before you start this Configuration . lHardware Installation with a Data Store: If you are deploying Stealthwatch with a Data Store, install your appliance hardware (physical appliances) using the Stealthwatch x2xx Series Hardware (with Data Store) Installation Guide before you start this Configuration . Also, follow the Stealthwatch Data Store Hardware Deployment and Configuration Guide to properly configure your appliances for Data Store before you start this Configuration .
8 LSpecifications: Hardware specifications are available on lSupported Platforms: To view the supported hardware platforms for each System version, refer to the Hardware and software Version Support Matrix on Virtual Edition (VE) Appliances lVirtual Edition Installation: Install your virtual appliances using the Stealthwatch Virtual Edition Installation Guide before you start this Configuration . lVirtual Edition with Data Store Installation: If you are deploying Stealthwatch Virtual Edition with a Data Store, install your virtual appliances using the Stealthwatch Virtual Edition (with Data Store) Installation Guide before you start this Configuration . Also, follow the Stealthwatch Data Store Virtual Edition Deployment and Configuration Guide to properly configure your appliances for Data Store before you start this Configuration .
9 2021 CiscoSystems, DetailsThe System Configuration includes the following: lConfiguration Order: Make sure you configure the appliances following the instructions in this Guide and using the specified order. lCertificates: Appliances are installed with a unique, self-signed appliance identity certificate. lCentral Management: You can manage your appliances from the primary SMC/Central Manager. downloading SoftwareUse Cisco software Central to download virtual appliance (VE) installation files, patches, and software update files. Log in to your Cisco Smart Account at or contact your administrator. LicensingFor licensing Stealthwatch , you will use your Smart Account to register your product instance, manage licenses, run reports, and configure notifications.
10 Log in to your Cisco Smart Account at or contact your administrator. When you use Stealthwatch in Evaluation mode, you can use selected features for 90 days. To use Stealthwatch with maximum default functionality, and to add licenses and features to your account, register your product instance for Smart software Licensing. Refer to 5. Licensing for more sure you register your product instance before the 90-day evaluation period expires. When the evaluation period expires, flow collection will stop. To start flow collection again, register your product instance. TLSS tealthwatch requires Party ApplicationsStealthwatch does not support installing third party applications on appliances. BrowsersStealthwatch supports the latest version of Chrome, Firefox, and Edge.
