Manage Stealthwatch Security Analytics

Review the status of sites and fabrics

With Stealthwatch Security Analytics, you can view the status of the devices for each site or fabric.

Procedure

Step 1

From the main menu, choose Provision > Stealthwatch Security.

Step 2

In the left pane, choose the site or fabric for which you want to view the status.

The card for the site or fabric displays these colors:

Blue: for the devices on which Stealthwatch Security Analytics is enabled.
Green: for the devices on which Stealthwatch Security Analytics can be enabled as they have passed the prechecks.
Red: for the devices on which Stealthwatch Security Analytics can't be enabled as they have failed the prechecks.
Purple: for the devices on which ETA telemetry is enabled.

Step 3

Click a site or fabric card to view the device status.

View the devices that are Ready, Not Ready, or Enabled, and then click the corresponding tab.

The devices in a particular site or fabric can have these statuses:

Enabled Devices: these devices have Stealthwatch Security Analytics enabled.
Not ready Devices: these devices have failed either one or more prechecks.

The green check marks indicate the prechecks that the device has passed, while the red icons indicate the precheck that the device has failed. Hover your cursor over the red icon to view more information about the failed checks.
Ready Devices: these devices pass all the prechecks, and can be enabled for Stealthwatch Security Analytics.

View scheduled tasks

Procedure

Step 1	From the main menu, choose Activities > Tasks. By default, the Tasks window displays all the upcoming, in-progress, failed, and successful tasks, and existing, pending-review, and failed work items.
Step 2	In the left pane, under Type, click Task to view only tasks.
Step 3	In the left pane, under Status, check the Upcoming check box to view only scheduled tasks.
Step 4	In the left pane, complete these steps to view only the scheduled Stealthwatch Security Analytics tasks: Expand Categories. Click Show all. In the Search field, enter `SSA`. Check the SSA check box.
Step 5	Click a task to view more information about it. For more information about managing your task, see "View, Edit, and Delete Tasks" in the Cisco Catalyst Center Administrator Guide.

Update Stealthwatch Security Analytics

With Stealthwatch Security Analytics, you can update the configurations on devices that have previously been enabled, because changes to the network can occur over time.

Procedure

Step 1

From the main menu, choose Provision > Stealthwatch Security.

Step 2

In the left pane, use the drop-down list to choose the required option.


If you want to enable Stealthwatch Security Analytics for...	Then choose...
sites	All Sites
fabrics	All Fabrics

By default, All Sites is chosen.

Step 3

From the left hierarchy tree, choose the site or fabric for which you want to update Stealthwatch Security Analytics.

Alternatively, you can use the search bar to search for the site or fabric.

Step 4

Click the site card to select the site or fabric for which you want to update Stealthwatch Security Analytics.

The site card displays the number of devices that are Enabled, Ready, and Not Ready.

Note

At least one device must be enabled to update Stealthwatch Security Analytics.

Step 5

Click Get Started.

Step 6

Review the flow destination setup for the selected site or fabric.


If you want to exclude updating Stealthwatch Security Analytics on...	Then...
all devices	click the Exclude all devices toggle button.
specific devices	under the Exclude Device column, click the corresponding toggle button.

Step 7

Click Next.

Step 8

Ensure that the Enabled tab is selected in the device table.

Step 9

Click the Update radio button.

Note

Updating devices configures only what needs to be updated on the relevant network devices. For example, if 10 access interfaces had previously been enabled and there is one interface that is now relevant, updating the device only pushes a configuration change to the one new interface.

Updating the device includes these updates:

A new line card is added
Changes are made to interfaces that have access points plugged in
Changes are made to VLANs

Step 10

Schedule the task for deployment.

Depending on Visibility and Control of Configurations settings, you can either:

Deploy the device configurations immediately or schedule the deployment for later. For details, see Deploy your device configurations now or later.
Preview and deploy the device configurations. For details, see Preview and deploy your device configurations.

Step 11

On the Tasks window, monitor the task deployment.

Disable Stealthwatch Security Analytics

Procedure

Step 1

From the main menu, choose Provision > Stealthwatch Security.

Step 2

In the left pane, use the drop-down list to choose the required option.


If you want to disable Stealthwatch Security Analytics for...	Then choose...
sites	All Sites
fabrics	All Fabrics

By default, All Sites is chosen.

Step 3

From the left hierarchy tree, choose the site or fabric for which you want to enable Stealthwatch Security Analytics.

Alternatively, you can search for the site or fabric using the search bar.

Step 4

Click the site card to select the site or fabric for which you want to disable Stealthwatch Security Analytics.

The site card displays the number of devices that are Enabled, Ready, and Not Ready.

Note

At least one device must be enabled for you to disable Stealthwatch Security Analytics.

Step 5

Review the prechecks and click Get Started.

Step 6

Review the flow destination setup for the selected site or fabric.


If you...	Then...
want to change the flow destination	Click Change Settings. Set a new flow destination and restart the workflow.
see the Select a flow destination for the site to proceed error	Click Update Settings. Set a flow destination and restart the workflow.

Step 7

Click Next.

Step 8

Ensure that the Enabled tab is selected in the device table.

Step 9

Review the list of devices on which Stealthwatch Security Analytics will be disabled.


If you want to exclude enabling Stealthwatch Security Analytics on...	Then...
all devices	click the Exclude all devices toggle button.
specific devices	under the Exclude Device column, click the corresponding toggle button.

Step 10

Click the Disable radio button.

Step 11

Schedule the task for deployment.

Depending on Visibility and Control of Configurations settings, you can either:

Deploy the device configurations immediately or schedule the deployment for later. For details, see Deploy your device configurations now or later.
Preview and deploy the device configurations. For details, see Preview and deploy your device configurations.

Step 12

On the Tasks window, monitor the task deployment.

Stealthwatch Security Analytics Service on Cisco Catalyst Center User Guide, Release 3.1.3

Bias-Free Language

Book Title

Stealthwatch Security Analytics Service on Cisco Catalyst Center User Guide, Release 3.1.3

Chapter Title