Exam 350-701
Question 90

An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?

    Correct Answer: D

    To monitor and analyze network activity within a public cloud environment, an engineer should configure Virtual Private Cloud (VPC) flow logs. VPC flow logs provide detailed information about the traffic going to and from network interfaces in the cloud. This includes insights into which IP entities are communicating, which protocols are being used, how much traffic is being transmitted, and whether the traffic was allowed or blocked. VPC flow logs are essential for behavioral analysis and detecting malicious activities on hosts in a cloud environment.
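
An added example, not part of the original page or of any Cisco or AWS code: a minimal parser for AWS VPC Flow Log records that pulls out the fields the explanation above lists (who is talking, protocol, byte counts, allowed or blocked) and flags sources rejected on many distinct ports. It assumes the default version 2 field order; the sample records, IDs and the threshold of 3 are constructed for illustration.

```python
from collections import defaultdict

# Default (version 2) AWS VPC Flow Log field order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
PROTO = {"1": "ICMP", "6": "TCP", "17": "UDP"}

# Constructed sample records (documentation address ranges, made-up IDs).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 44321 443 6 20 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 50001 22 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 50002 23 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 50003 3389 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 50004 445 6 1 40 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 53000 53 17 2 150 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000060 1700000120 - NODATA
"""

def parse(line):
    """Return a dict for one record, or None for NODATA/SKIPDATA/malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # no traffic fields to analyse in this window
    for k in ("srcport", "dstport", "packets", "bytes"):
        rec[k] = int(rec[k])
    rec["protocol"] = PROTO.get(rec["protocol"], rec["protocol"])
    return rec

def summarize(text):
    """Per-source totals: bytes sent and distinct (protocol, port) pairs rejected."""
    stats = defaultdict(lambda: {"bytes": 0, "rejected": set()})
    for rec in filter(None, map(parse, text.splitlines())):
        s = stats[rec["srcaddr"]]
        s["bytes"] += rec["bytes"]
        if rec["action"] == "REJECT":
            s["rejected"].add((rec["protocol"], rec["dstport"]))
    return stats

def probing_sources(text, threshold=3):
    """Sources rejected on at least `threshold` distinct ports (assumed cut-off)."""
    return sorted(ip for ip, s in summarize(text).items()
                  if len(s["rejected"]) >= threshold)

if __name__ == "__main__":
    print(probing_sources(SAMPLE))
```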

Discussion
jaciro11 (Option: D)

It's D. I totally remember this from the first time I configured Stealthwatch Cloud.

acc2326 (Option: D)

correct answer is D - VPC flow logs

dr4gn00t (Option: B)

This is a tricky question. VPC is a valid option only for AWS (Azure and Google use different terms), and AWS doesn't send telemetry to Stealthwatch. Stealthwatch fetches logs from AWS via API. I think B is therefore the most valid answer.

VI_Vershinin (Option: B)

It's B. From the book SCOR 350-701:

Stealthwatch Cloud is a Software as a Service (SaaS) cloud solution. You can use Stealthwatch Cloud to monitor many different public cloud environments, such as Amazon’s AWS, Google Cloud Platform, and Microsoft Azure. All of these cloud providers support their own implementation of NetFlow:
■ In Amazon AWS, the equivalent of NetFlow is called VPC Flow Logs. You can obtain detailed information about VPC Flow Logs in AWS at https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html.
■ Google Cloud Platform also supports VPC Flow Logs (or Google-branded GPC Flow Logs). You can obtain detailed information about VPC Flow Logs in Google Cloud Platform at https://cloud.google.com/vpc/docs/using-flow-logs.
■ In Microsoft’s Azure, traffic flows are collected in Network Security Group (NSG) flow logs. NSG flow logs are a feature of Network Watcher. You can obtain additional information about Azure’s NSG flow logs and Network Watcher at https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-nsg-flow-logging-overview

wfexco (Option: D)

Answer is D - Stealthwatch Cloud can be deployed without software agents, relying on the native AWS Virtual Private Cloud (VPC) flow logs

statikd

How is it VPC flow logs when this question is an organization's public cloud, not a private cloud?

itisfakemaillol

VPC flow logs are the feature of the public clouds, like AWS

brownbear505 (Option: D)

Specifically, AWS VPC Flow Logs contain the following information:
● Which IP entities are communicating inside and outside the VPC
● Which protocols (such as TCP and UDP) are being used
● How much traffic is sent and received by each entity
● Whether the flow was allowed or blocked by the security policy

psuoh

https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch-cloud/at-a-glance-c45-739851.html

neta1o (Option: B)

Looks like this solution supports Azure and AWS. Based on the docs for Azure setup it doesn't look like they refer to the logs as VPC Flow Logs (AWS). So based on that I'd stick with B. https://www.cisco.com/c/en/us/support/security/stealthwatch-cloud/products-installation-guides-list.html#pcm

Dinges (Option: D)

It's D. https://aws.amazon.com/marketplace/pp/prodview-woiawecmdlezq

Rhoads (Option: D)

Using the cloud provider..

sis_net_sec (Option: D)

Stealthwatch Cloud can be deployed without software agents, relying on the native AWS Virtual Private Cloud (VPC) flow logs. https://aws.amazon.com/marketplace/pp/prodview-woiawecmdlezq

semi1750 (Option: D)

D - VPC flow logs is the answer. The question asks "public cloud" and Cisco made the following explanation.

Cisco Telemetry Broker

The Cisco Telemetry Broker is capable of ingesting network telemetry from a variety of telemetry sources, transforming their data formats, and then forwarding that telemetry to one or multiple destinations. For example, it can ingest any of the following:
● On-premises network telemetry, including NetFlow, SYSLOG, and IPFIX
● Cloud-based telemetry sources, such as AWS VPC flow logs and Azure NSG flow logs

And it can forward that telemetry to any or all of the following example destinations:
● Analytics platforms, such as Hadoop
● Network management and automation platforms, such as Cisco DNA Center
● Security Information and Event Management (SIEM) platforms
● Storage/smart capture, such as Cisco Security Analytics and Logging (On-premises)

https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch/datasheet-c78-739398.html

Minion2021 (Option: D)

Correct answer is D

yenp (Option: B)

Correct answer is B: In AWS environments, Cisco Stealthwatch Cloud can be deployed without software agents, relying on the native AWS Virtual Private Cloud (VPC) flow logs. Deployment can be accomplished in minutes by simply giving Cisco Stealthwatch Cloud read-only access to these VPC flow logs. In addition to VPC flow logs, other AWS telemetry data can also be used. GCP also uses VPC flow logs for rapid deployment and integration. Currently for Microsoft Azure environments, Cisco Stealthwatch Cloud relies first on a Linux-based software appliance, called the Observable Networks Appliance (ONA), and second on a third-party host-based NetFlow exporter such as Ziften or FlowTraq.

Maleck

You mean Correct answer is D from your explanation

Nonono2 (Option: D)

VPC flow logs

Marshpillowz (Option: D)

D is correct

psuoh (Option: D)

A, B, C are for data networks containing switches and routers. VPC flow log is meant for cloud-based networks like AWS. Now, Secure Cloud Analytics (formerly Stealthwatch Cloud) can automatically retrieve VPC Flow Logs as a primary or supplementary data source for entity modeling. This means you can now monitor network activity in a cloud environment and increase your security.

SirFrates24 (Option: D)

Not seeing anything related to PUBLIC CLOUD and vpc

Stardec

https://www.cisco.com/c/en/us/products/collateral/security/stealthwatch-cloud/at-a-glance-c45-739850.html