StealthWatch

  • Question
  • Updated 1 year ago
  • Answered
Hello, all!

Can you tell me, please, what analog of Cisco's StealthWatch we have?

Thank you!

Alexandr P, Ambassador


Posted 1 year ago


Pala, Zdenek, Employee

Hi.

Extreme SIEM is able to do the same = behavioral analysis based on flows. In addition, SIEM is able to correlate flows with logs from firewalls, antivirus and more => much better from the false-positive point of view.

Regards

Z.
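The two capabilities named in the answer above, behavioral analysis on flow records and correlation of those flows with firewall logs to cut false positives, as a small added example that is not part of the thread and not Extreme SIEM code. The flow records, the firewall syslog lines and their field layout are all constructed for the example; the threshold and the "high"/"review" grading are assumptions, not product behaviour.

```python
"""Flow-based behavioural analysis with firewall-log correlation.

Added illustration for the thread above; not Extreme SIEM code. The flow
records, syslog lines and their field names below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Flow:
    """One flow record as a collector would store it (field names assumed)."""
    src: str
    dst: str
    dport: int
    octets: int


def scan_like(src: str, base: str, count: int, dport: int, octets: int):
    """Construct `count` flows from src to base.1 .. base.count on dport."""
    return [Flow(src, f"{base}.{i}", dport, octets) for i in range(1, count + 1)]


# Constructed flow records: one host probing SMB on many peers, one backup
# server with many legitimate SSH sessions, and one ordinary workstation.
SAMPLE_FLOWS = (
    scan_like("10.1.1.20", "10.2.0", 8, 445, 120)
    + scan_like("10.1.1.30", "10.3.0", 7, 22, 5_000_000)
    + [Flow("10.1.1.40", "10.3.0.1", 443, 2048),
       Flow("10.1.1.40", "10.3.0.2", 443, 4096)]
)

# Constructed firewall syslog lines (format assumed for the example): the
# firewall denied six of the SMB probes and accepted the backup traffic.
SAMPLE_FW_LOGS = [
    f"<134>Jan 10 12:00:0{i} fw01 kernel: DENY src=10.1.1.20 dst=10.2.0.{i} dport=445"
    for i in range(1, 7)
] + ["<134>Jan 10 12:00:09 fw01 kernel: ACCEPT src=10.1.1.30 dst=10.3.0.1 dport=22"]

FW_DENY_RE = re.compile(r"\bDENY src=(\S+) dst=(\S+) dport=(\d+)")


def fan_out(flows):
    """Map each source to the distinct (dst, dport) pairs it talked to."""
    targets = defaultdict(set)
    for f in flows:
        targets[f.src].add((f.dst, f.dport))
    return targets


def parse_fw_denies(lines):
    """Map each source to the (dst, dport) pairs the firewall denied."""
    denies = defaultdict(set)
    for line in lines:
        m = FW_DENY_RE.search(line)
        if m:
            denies[m.group(1)].add((m.group(2), int(m.group(3))))
    return denies


def detect(flows, fw_logs, threshold=5):
    """Flag sources that reached more than `threshold` distinct targets, then
    grade each finding by how many of those targets the firewall also denied.
    Corroborated findings are 'high'; uncorroborated ones are 'review', so a
    legitimately chatty host (backup, monitoring) does not page anyone."""
    targets = fan_out(flows)
    denies = parse_fw_denies(fw_logs)
    findings = []
    for src, pairs in sorted(targets.items()):
        if len(pairs) <= threshold:
            continue
        corroborated = len(pairs & denies.get(src, set()))
        findings.append({
            "src": src,
            "distinct_targets": len(pairs),
            "fw_denied": corroborated,
            "verdict": "high" if corroborated else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_FLOWS, SAMPLE_FW_LOGS):
        print(finding)
```

Run on the constructed data, the SMB prober is reported as "high" because six of its eight targets also appear as firewall denies, while the backup server, which touches seven hosts but was never denied, is only queued for review; the workstation is below the threshold and not reported at all. This is the false-positive reduction the answer describes: the flow data alone cannot tell the two busy hosts apart, the firewall log can.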

Alexandr P, Ambassador

Hello, Pala!

Cisco switches work with StealthWatch (Catalyst 3650 bundle, Lancope StealthWatch), where the switches work with the StealthWatch Appliance as a sensor.
Do we have to do this with IPFIX on our G2 switches?
Or is there another way?

Thank you!

Pala, Zdenek, Employee

We can use flow-based switches = they have unsampled NetFlow on each and every port without performance degradation.

We can use the X460-G2 = it has IPFIX support.

We can use any other Extreme switch with sFlow support.

Extreme SIEM does support sFlow, NetFlow, J-Flow, IPFIX, cflowd, QFlow, raw data...

Alexandr P, Ambassador

Another question is: how does SIEM integrate with NetSight?

Sorry, but I have little knowledge about Extreme's SIEM.

Thank you!

Pala, Zdenek, Employee

The integration with Extreme Control (identity and access management / network access management) is done through alarming = if anything changes with the end system, a syslog message is generated (the Java application has a bell icon). Extreme SIEM (QRadar) does recognize the format.

The integration with Extreme Analytics (Purview) in old versions was done through syslog. In the new version it is through IPFIX = from the Analytics Engine to SIEM.

Z.

Tripathy, Priya Ranjan, ESE

Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps us use our existing network as a security sensor and enforcer to dramatically improve threat defense. As per the Extreme standard, this can be replaced with sFlow instead of NetFlow to serve this better.

Please find below the article link to configure sFlow on Extreme devices:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-sFlow/

Tripathy, Priya Ranjan, ESE

Hope you got the response you were looking for. If you need any more info, let us know here.

Alexandr P, Ambassador

Thank you all for the information!

For now it's only a comparison at the stage of rendering a similar solution.
Only to understand whether we can do something similar or not, and how we can do it.