StealthWatch


Userlevel 6
Hello, all!

Can you tell me, please, what analog of Cisco's StealthWatch we have?

Thank you!

8 replies

Userlevel 6
Hi. Extreme SIEM is able to do the same: behavioral analysis based on flows. In addition, SIEM is able to correlate flows with logs from firewalls, antivirus and more, which makes it much better from the false-positive point of view. Regards, Z.
Userlevel 6
Pala, Zdenek wrote:

Hi. Extreme SIEM is able to do the same: behavioral analysis based on flows. In addition, SIEM is able to correlate flows with logs from firewalls, antivirus and more, which makes it much better from the false-positive point of view. Regards, Z.

Hello, Pala!

Cisco switches work with StealthWatch (bundle: Catalyst 3650, Lancope StealthWatch), where the switches work with the StealthWatch appliance as a sensor.
Do we have to do this with IPFIX on our G2 switches?
Or is there another way?

Thank you!
Userlevel 6
Pala, Zdenek wrote:

Hi. Extreme SIEM is able to do the same: behavioral analysis based on flows. In addition, SIEM is able to correlate flows with logs from firewalls, antivirus and more, which makes it much better from the false-positive point of view. Regards, Z.

We can use flow-based switches, which have unsampled NetFlow on each and every port without performance degradation.

We can use the X460-G2, which has IPFIX support.

We can use any other Extreme switch with sFlow support.

Extreme SIEM supports sFlow, NetFlow, J-Flow, IPFIX, cflowd, QFlow, raw data...
Userlevel 6
Another question is: how does SIEM integrate with NetSight?

Sorry, but I have little knowledge about Extreme's SIEM.

Thank you!
Userlevel 6
The integration with Extreme Control (identity and access management / network access management) is done through alarming: if anything changes with the end system, a syslog message is generated (the Java application has a bell icon). Extreme SIEM (QRadar) recognizes the format.

The integration with Extreme Analytics (Purview) in old versions was done through syslog. In the new version it is through IPFIX, from the Analytics Engine to SIEM.

Z.
Userlevel 4
Cisco Stealthwatch uses NetFlow to provide visibility across the network, data center, branch offices, and cloud. Its advanced security analytics uncover stealthy attacks on the extended network. Stealthwatch helps us use our existing network as a security sensor and enforcer to dramatically improve threat defense. As per the Extreme standard, this can be replaced with sFlow instead of NetFlow to serve this better.

Please find below the article link to configure sFlow on Extreme devices:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-sFlow/
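As an added example (not code from this thread, from Extreme, or from Cisco), here is what the "use the network as a sensor" idea from the post above and the sampled-sFlow option from Zdenek's earlier post look like at the byte level: a minimal decoder for sFlow v5 flow samples that carry raw Ethernet/IPv4 headers, followed by the kind of behavioral check a flow-analytics tool runs, one source touching many destination ports on one host. The datagram, the agent address 10.0.0.1 and the 1-in-256 sampling rate are all constructed for the demo; the record layout follows the sFlow v5 specification (datagram header, flow sample, raw packet header record).

```python
import struct
from collections import defaultdict

# Added example, not from the thread or from Extreme/Cisco. Decodes sFlow v5 flow
# samples (raw Ethernet/IPv4 headers only) and runs a simple port-scan heuristic.
# All input below is constructed, not captured from a real switch.

IPV4_ETHERTYPE = b"\x08\x00"


def _ipv4(b):
    return ".".join(str(x) for x in b)


def _decode_header(hdr):
    """Ethernet/IPv4/(TCP|UDP) header -> (src, dst, proto, sport, dport) or None."""
    if len(hdr) < 34 or hdr[12:14] != IPV4_ETHERTYPE:
        return None
    ihl = (hdr[14] & 0x0F) * 4                      # IPv4 header length in bytes
    proto = hdr[23]                                 # IP protocol field
    src, dst = _ipv4(hdr[26:30]), _ipv4(hdr[30:34])
    l4 = 14 + ihl
    sport = dport = None
    if proto in (6, 17) and len(hdr) >= l4 + 4:     # TCP/UDP ports are the first 4 L4 bytes
        sport, dport = struct.unpack_from("!HH", hdr, l4)
    return src, dst, proto, sport, dport


def _parse_flow_sample(data):
    # header: seq, source_id, sampling_rate, sample_pool, drops, input, output, n_records
    _, _, rate, _, _, _, _, n_rec = struct.unpack_from("!8I", data, 0)
    off, out = 32, []
    for _ in range(n_rec):
        fmt, length = struct.unpack_from("!II", data, off)
        off += 8
        if fmt == 1:                                # raw packet header record
            _, _, _, hdr_len = struct.unpack_from("!IIII", data, off)
            tup = _decode_header(data[off + 16:off + 16 + hdr_len])
            if tup:
                out.append((rate,) + tup)
        off += length
    return out


def parse_sflow_v5(datagram):
    """Return [(sampling_rate, src, dst, proto, sport, dport), ...] for decodable flow samples."""
    version, addr_type = struct.unpack_from("!II", datagram, 0)
    if version != 5:
        raise ValueError("not an sFlow v5 datagram")
    off = 8 + (4 if addr_type == 1 else 16)         # skip agent address (IPv4 or IPv6)
    _, _, _, n_samples = struct.unpack_from("!IIII", datagram, off)
    off += 16
    flows = []
    for _ in range(n_samples):
        fmt, length = struct.unpack_from("!II", datagram, off)
        off += 8
        if fmt == 1:                                # enterprise 0, format 1 = flow sample
            flows.extend(_parse_flow_sample(datagram[off:off + length]))
        off += length
    return flows


def detect_port_scans(flows, threshold=20):
    """Flag (src, dst) pairs whose sampled packets hit >= threshold distinct destination ports.
    Packet counts are scaled by the sampling rate: with 1-in-N sampling each sampled packet
    stands for roughly N packets, so raw sFlow counts undercount unless you scale them."""
    ports, est_packets = defaultdict(set), defaultdict(int)
    for rate, src, dst, _proto, _sport, dport in flows:
        if dport is None:
            continue
        ports[(src, dst)].add(dport)
        est_packets[(src, dst)] += rate
    return [(src, dst, len(p), est_packets[(src, dst)])
            for (src, dst), p in ports.items() if len(p) >= threshold]


def build_datagram(packets, rate=256):
    """Constructed input: one flow sample with an Ethernet/IPv4/TCP SYN header per packet."""
    samples = b""
    for i, (src, dst, proto, sport, dport) in enumerate(packets):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, i, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
        hdr = b"\x00" * 12 + IPV4_ETHERTYPE + ip + tcp
        rec = struct.pack("!IIII", 1, 64, 4, len(hdr)) + hdr + b"\x00" * (-len(hdr) % 4)
        rec = struct.pack("!II", 1, len(rec)) + rec                        # raw header record
        fs = struct.pack("!8I", i, 1, rate, (i + 1) * rate, 0, 1, 2, 1) + rec
        samples += struct.pack("!II", 1, len(fs)) + fs                      # flow sample
    return struct.pack("!II4sIIII", 5, 1, bytes([10, 0, 0, 1]), 0, 1, 1000, len(packets)) + samples


def demo():
    """25 SYNs from one host to 25 ports on a target, plus three normal HTTPS packets."""
    scan = [("192.0.2.10", "10.0.0.5", 6, 40000 + p, p) for p in range(22, 47)]
    normal = [("192.0.2.20", "10.0.0.5", 6, 51000 + i, 443) for i in range(3)]
    return detect_port_scans(parse_sflow_v5(build_datagram(scan + normal)))


if __name__ == "__main__":
    for src, dst, n_ports, est in demo():
        print(f"possible scan {src} -> {dst}: {n_ports} distinct ports, ~{est} packets estimated")
```

The point of the sampling-rate scaling is the practical difference between the two telemetry options in this thread: sFlow samples 1-in-N packets, so a slow scan may never be sampled at all and any count you derive is an estimate, whereas unsampled NetFlow/IPFIX from a flow-based switch reports every flow and needs no scaling. The threshold is arbitrary here; a real deployment would tune it per segment and, as Zdenek notes, correlate the flow alert with firewall and antivirus logs in the SIEM before treating it as an incident.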
Userlevel 4
Hope you got the response you were looking for. If you need any more info, let us know.
Userlevel 6
Thank you all for the information!

For now it's only a comparison, at the stage of rendering a similar solution.
It is only for understanding whether we can do something similar or not, and how we can do this.
