Secure Network Analytics Integration

Cisco Secure Network Analytics (formerly known as Stealthwatch Enterprise) provides full visibility across your network and uses advanced analytics to detect and respond to threats in real time. These threats include command-and-control (C&C) attacks, ransomware, distributed denial-of-service (DDoS) attacks, illicit cryptomining, unknown malware, and insider threats.

Secure Network Analytics uses agentless behavioral monitoring and anomaly detection to identify suspicious activities, helping detect and respond to threats without needing software agents installed on devices.

By integrating with other global threat intelligence sources and internal visibility tools, Secure Network Analytics validates its findings using confirmed threat information and local data. Additionally, integration with Cisco control devices enables quick, two-click mitigation and resolution of detected threats.

The telemetry sources for Secure Network Analytics integrated with Cisco XDR are shown in the figure below (image not included in this copy of the page).

Once Secure Network Analytics is integrated with Cisco XDR, only alarms with Critical or Major severity are forwarded through Security Services Exchange (SSE) to Cisco XDR, which analyzes them to support investigations; lower-severity alarms stay in the Secure Network Analytics Manager. Each forwarded alarm is converted into an incident populated with sightings, observables, and indicators derived from the alarm metadata.

During an investigation, for each valid IP address submitted, Secure Network Analytics returns the security events associated with that address, subject to three bounds:

  • only events from the last 30 days,

  • at most the 100 most recent of those events, and

  • only events in which the IP address appears as either the source or the destination.

Events outside these bounds are not returned to Cisco XDR and have to be looked up in Secure Network Analytics directly.
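The two behaviours described above, the conversion of a Critical or Major alarm into an incident with sightings, observables and indicators, and the bounded per-IP event lookup, are sketched in the following added example. It is illustration code written for this page, not Cisco's integration code: the alarm and event field names, the CTIM-style record layout, and the sample data are all assumptions, and the real SSE and Cisco XDR payloads differ.

```python
"""Added example (not Cisco's code): how Critical/Major Secure Network
Analytics alarms might be mapped to an incident with sightings, observables
and indicators, and how the per-IP event lookup is bounded (30 days, 100
most recent, IP as source or destination). All field names and the sample
data are assumptions; the real SSE/XDR payloads differ."""
from datetime import datetime, timedelta, timezone
import ipaddress

FORWARDED_SEVERITIES = {"Critical", "Major"}   # only these reach Cisco XDR
REFERENCE_NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo

# Constructed sample alarm in a hypothetical shape.
SAMPLE_ALARM = {
    "id": "alarm-1001",
    "severity": "Critical",
    "alarm_type": "Suspect Data Hoarding",
    "source_ip": "10.10.5.23",
    "target_ip": "203.0.113.77",
    "timestamp": "2024-05-01T12:30:00+00:00",
}


def is_forwarded(alarm):
    """Lower-severity alarms stay in the Manager and never become incidents."""
    return alarm.get("severity") in FORWARDED_SEVERITIES


def alarm_to_incident(alarm):
    """Map one forwarded alarm to an incident record using CTIM-style
    vocabulary: one IP observable per endpoint, one sighting tying the
    observables to the alarm, and one indicator naming the alarm type.
    Returns None for alarms that are not forwarded."""
    if not is_forwarded(alarm):
        return None
    observables = [
        {"type": "ip", "value": alarm[key]}
        for key in ("source_ip", "target_ip")
        if alarm.get(key)
    ]
    sighting = {
        "observed_time": {"start_time": alarm["timestamp"]},
        "observables": observables,
        "severity": alarm["severity"],
        "source": "Secure Network Analytics",
    }
    indicator = {"title": alarm["alarm_type"], "producer": "Secure Network Analytics"}
    return {
        "id": "incident-" + alarm["id"],
        "title": f"SNA {alarm['severity']}: {alarm['alarm_type']}",
        "observables": observables,
        "sightings": [sighting],
        "indicators": [indicator],
    }


def events_for_ip(events, ip, now=None, window_days=30, limit=100):
    """Apply the three bounds from the text to a list of security events.
    Raises ValueError for an invalid IP, matching 'every valid IP address'."""
    addr = str(ipaddress.ip_address(ip))          # validates and normalises
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=window_days)
    matches = [
        e for e in events
        if e["time"] >= cutoff and addr in (e["source_ip"], e["target_ip"])
    ]
    matches.sort(key=lambda e: e["time"], reverse=True)   # most recent first
    return matches[:limit]


def build_sample_events(now, ip="10.10.5.23"):
    """Constructed events: 120 recent ones with ip as source (exceeds the
    100 cap), 3 recent with ip as destination, 5 older than 30 days, and 4
    for unrelated addresses."""
    def ev(eid, when, src, dst):
        return {"id": eid, "time": when, "source_ip": src, "target_ip": dst,
                "event": "Suspect Data Hoarding"}
    events = [ev(f"ev-src-{i}", now - timedelta(hours=i), ip, "203.0.113.77")
              for i in range(120)]
    events += [ev(f"ev-dst-{i}", now - timedelta(days=1 + i), "198.51.100.9", ip)
               for i in range(3)]
    events += [ev(f"ev-old-{i}", now - timedelta(days=31 + i), ip, "203.0.113.77")
               for i in range(5)]
    events += [ev(f"ev-other-{i}", now - timedelta(hours=i), "192.0.2.5", "192.0.2.6")
               for i in range(4)]
    return events


if __name__ == "__main__":
    incident = alarm_to_incident(SAMPLE_ALARM)
    print(incident["title"], "->", [o["value"] for o in incident["observables"]])
    recent = events_for_ip(build_sample_events(REFERENCE_NOW), "10.10.5.23", now=REFERENCE_NOW)
    print(len(recent), "events returned; oldest:", recent[-1]["id"])
```

The lookup sorts before truncating, so when more than 100 in-window events exist the cap keeps the newest ones; events older than 30 days and events for other addresses are dropped regardless of how recent the request is, and an unparseable address is rejected up front rather than silently matching nothing.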

More information on configuring your Secure Network Analytics Manager to send security alarms to Security Services Exchange and providing access to the alarms is available on the Secure Network Analytics Configuration Guides page.