For digital CiscoLive 2020 I will be creating a number of follow up addendum videos to CLUS 2019’s BRKRST-2414 session “Network Sleuthing with Stealthwatch: The Science of Investigation” . These videos will be uploaded to the www.ciscolive.com on demand library later this year.
I’ve really learned tons and tons in this environment and have seriously had a blast. Everyone has side projects they do outside of normal business hours… I have found having a lab environment to play and learn in after hours and on weekends is definitely a passion of mine. lol.
I DO admit, though, that my Stealthwatch and my FTDv are starting to show a bunch of legacy configs and such from when I was newer to it all. LOL. So that… coupled with the desire to add a bunch of other new stuff to the environment has made me come to a decision.
It’s time to do a major overhaul on my lab environment and share the fun with y’all. First …. I need to really start almost clean slate. lol… I can barely even follow my diagrams and word document I have for this environment. So if I wanna make new Stealthwatch stuff for CiscoLive… AND I also want to add to this and grow it even more… it is time to just dive in and clean it all up.
Rebuilding the Base: Let the Spring Cleaning Begin!
Pretty much except for moving cables I’m starting completely fresh. Why? Cause there is going to be a lot more that will be getting added to this environment. Can’t tell you what yet. 🙂 You will see soon enough.
Start Fresh & Grow
Stealthwatch
- Start the Stealthwatch VMs completely fresh and go with the in-house image that is after 7.1.
- Add Stealthwatch VMs – UDP Director, Flow Sensor, and the Endpoint Concentrator
- Add all the new Stealthwatch Apps
You will be seeing more here… but for now it is in-house only and not yet out in the wild. 🙂 So be patient.
FMC/FTDv
- Start the VMs completely fresh and go with the latest code – 6.6
- Move the position of the FTDv in the environment to connect core to fake internet only
Routers & Switches
- upgrade the code versions
- wipe the configs and start fresh
Subnets, Clients, Servers, VMs and Traffic Flow
Honestly I have so many subnets that have been added over time for varying “quick try this” type things….. I can honestly barely remember what those varying subnets were even for let alone try to explain it to y’all in blogs or addendums for the CiscoLive Video on Demand Library.
LET THE PLAY BEGIN! Very excited to be bringing y’all along for the ride. 🙂
Categories: Security, Stealthwatch
Leave a Reply