Cisco Secure Workload Firewall Enforcement Agents, Data Flow Mapping, and Advanced Policy Deployment, CSWADV, is a 5-day course exploring telemetry data, the flows corpus, and how Cisco Secure Workload Firewall Agent provides enforcement. This course will provide the details and hands-on activities necessary to successfully deploy, manage, and troubleshoot policies in Cisco Secure Workload.
COURSE OBJECTIVES
Upon completing this course, the learner will be able to meet these overall objectives:
- Describe how the Cisco Secure Workload Agents work to enforce security policy
- Describe how to deploy the Cisco Secure Workload Firewall Agent
- Describe how to Manage and Troubleshoot Cisco Secure Workload Firewall Agent policies
- Review administrative and management tasks necessary to operate, support and manage Cisco Secure Workload
- Describe how Cisco Secure Workload telemetry data is utilized in the Flows Corpus
- Construct effective policies based on discovered flows and Application Dependency Mapping (ADM)
Learning Path Prerequisites
The knowledge and skills that the learner should have before attending this course are as follows:
- Knowledge of cloud and (virtual) data center architecture or cloud basic networking concepts
- Familiarity with Cisco basic networking security concepts and application security concepts
- High-level familiarity with basic telemetry protocols and Big Data analytics
COURSE OUTLINE
Module 1: Cisco Secure Workload Firewall Agent
- How the Cisco Secure Workload Firewall Agent Enforces Firewall Rules
- Deploying and Managing Linux Enforcement Agents
- Deploying and Managing Windows Enforcement Agents
- Deploying and Managing AIX Enforcement Agents
Module 2: Cisco Secure Workload Enforcement Agent Components, Messaging, and Interaction
- Enforcement Front End
- Firewall and Catch-all Rules
- The Preserve Rules Option
- Agent Config Intents
- Stateful Enforcement
Module 3: Enforcement Agent UI Configurations and Troubleshooting
- Agent UI Configuration
- Monitoring Agents
- Platform Specific Enforcement Features and Requirements
- Known Limitations
- Troubleshooting Inbound and Outbound Firewall Rules
Module 4: Secure Connector, Edge and Ingest Appliances
- Secure Connector Overview
- Secure Connector features and configuration
- Edge Appliance Overview
- Edge Appliance configuration
- Ingest Appliance Overview
- Ingest appliance features and configurations
Module 5: Application Dependency Mapping
- Application Management Workflow Cycle
- Application Insight
- ADM Process
- ADM Run Results
- Cluster Confidence
Module 6: Cisco Secure Workload Policy Analysis
- Enable Policy Analysis
- Live Policy Analysis
- Backdated Policy Experiments
- Quick Policy Analysis
- Diagnosis Using Policy Analysis
Module 7: Cisco Secure Workload Analytics Policy Enforcement Overview
- Policy Global Ordering & Conflict Resolution
- Scope Priorities
- Troubleshooting Policy Enforcement
Module 8: Cisco Secure Workload Flow Search
- Understanding the Flow Corpus
- Using Scopes to Filter Results
- Searching with Conjunctions
- Correlating Flow Data with Hosts and Processes
- Leveraging Annotations
Module 9: Using Secure Workload Forensics
- Forensic Signals
- Configuring Forensics
- Forensics Visualization and Alerts
- Forensics Scoring
- Network and Process Hash Anomaly Detection
Module 10: Cisco Secure Workload Apps and API
- App Store
- User Apps
- Visualize Data Sources
- Bring your own Data
- OpenAPI