Request a Stealthwatch Cloud Portal
Provision a Stealthwatch Cloud Portal
Required License: Logging Analytics and Detection or Total Network Analytics and Monitoring
If you purchase a Logging Analytics and Detection or Total Network Analytics and Monitoring license, after you deploy and configure the Secure Event Connector (SEC), you must associate a Stealthwatch Cloud portal with your CDO portal to view Stealthwatch Cloud alerts. When you purchase the license, if you have an existing Stealthwatch Cloud portal, you can provide the Stealthwatch Cloud portal name and immediately link it to your CDO portal.
Otherwise, you can request a new Stealthwatch Cloud portal from the CDO UI. The first time you access Stealthwatch Cloud alerts, the system takes you to a page to request the Stealthwatch Cloud portal. The user that requests this portal is granted administrator permission in the portal.
- In CDO, select Monitoring > Security Analytics to open the SWC UI in a new window.
- Click Start Free Trial to provision a Stealthwatch Cloud portal and associate it with your CDO portal.
Note: After you request the portal, the provisioning may take up to several hours.
Ensure that your portal is provisioned before moving on to the next step.
- In CDO, select Monitoring > Security Analytics to open the SWC UI in a new window.
- You have the following options:
- If you requested a Stealthwatch Cloud portal, and the system states it is still provisioning the portal, wait and try to access the alerts later.
- If the Stealthwatch Cloud portal is provisioned, enter your Username and Password, then click Sign in.
Note: The administrator user can invite other users to create accounts within the SWC portal. See Monitoring Stealthwatch Cloud Alerts Generated from Firepower Threat Defense Events for more information.
Next Steps
- If you purchased a Logging Analytics and Detection license, your configuration is complete. If you want to view the status of your CDO integration or sensor health from the Stealthwatch Cloud portal UI, see Review Sensor Health and CDO Integration Status in Stealthwatch Cloud for more information. If you want to work with alerts in the Stealthwatch Cloud portal, see Monitoring Stealthwatch Cloud Alerts from the Event Viewer and Working with Alerts Based on Firepower Events for more information.
- If you purchased a Total Network Analytics and Monitoring license, deploy one or more Stealthwatch Cloud sensors to your internal network to pass network flow data to the cloud. If you want to monitor cloud-based network flow data, configure your cloud-based deployment to pass flow data to Stealthwatch Cloud. See Stealthwatch Cloud Sensor Deployment for Total Network Analytics and Reporting for more information.