Stealthwatch Cloud Integration with AWS

In this video, we’re going to configure Stealthwatch Cloud integration with AWS. Stealthwatch Cloud is a security analytics tool that provide visibility, threat identification, and compliance. It works seamlessly across AWS, GCP, Azure and even your private LAN. After we're done configuring, Stealthwatch Cloud will be able to read the AWS VPC flow logs that contain all the network flow metadata. Stealthwatch Cloud then uses these VPC logs to perform entity modeling which essentially uses machine learning to create a models or simulation for every network entity. Based on observations, Stealthwatch Cloud can see if there are sudden changes in behavior or anomalous behavior in how the entity is acting and how it's being accessed.

Profile Creation via API - ****DO NOT DO THIS WITH YOUR ISE PRODUCTION ENVIRONMENT****

This video is a little different than the previous ones that I’ve created. I’m starting it out by saying that you should NOT do this in production and this is only for a lab environment. This method is not supported by Cisco and we’re pretty much using a hack to create these profiles. If you call TAC because this doesn’t work or you break something, you’re not going to get support with it. That being said: It still has a very good use. Let’s say you do an endpoint dump from your production environment* of your production environment and you need to create a large number of custom profiles. In that situation, you can still spin up a lab virtual machine, create the profiles there using this method without risking your production environment, and then export the profiles as one bulk file from that lab system using the Export in Policy>Profiling.