Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using Filters in StealthWatch

I am relatively new to SW although I have been using the system for ~ a year probably once or so a week and I have taken the SW Security Operations and Network Operations training.

My question is this: I do not understand how to effectively create filters, specifically there are filters for "Server Services", "Server Applications", "Client Services", "Client Applications" (and this is just within the "Host Information" view). If I am creating a flow table - I also can do it by port and protocol.

Why would I use one over the other?

Specifically - I want to find all the systems that provide DNS services (i.e. listen on UDP or TCP port 53 and provide name resolution).

I get *vastly* different results when I choose "Server Services" "dns or dnstcp" than when I choose "Server Applications" and choose "DNS or DNS (unclassified"

I have looked through the documentation and it is not at all clear what the difference is that SW is doing behind the scenes. 

Thank you!

Jim H.

CreatePlease login to create content