Cisco Stealthwatch Training | How to install Stealthwatch

In this post I am going to be walking through the installation and setup of Cisco Stealthwatch. I will be doing this with virtual machines on VMWare.

I will be installing the StealthWatch Management Console (SMC) and one FlowCollector FC

Stealthwatch Management Console Installation & Sizing

I will be referring to the Stealthwatch Management Console VE and Flow Collector VE Installation and Configuration Guide version 6.10.1

All the installation guides can be found on the Cisco website – here

For all appliances they are deployed via an OVF so this process is very straightforward. There is a sizing guide which recommends different settings for the size of your deployment, number of exporters, flows per second and number of concurrent users etc.

For this deployment I will be putting it into production so will be giving it 32GB or RAM and 4 x CPUs

As the Stealthwatch Management Console is not doing the heavy lifting (that is the job of the Flow Collector) it’s disk space requirement is not as big. Minimum disk space is 100GB

I will be giving this one 200GB

Once you have booted the VM and open the console you will be presented with the login screen

The default username and password is sysadmin / lan1cope

Once logged in you will be presented with a configuration screen where you can change the management address

Step through the screens and the appliance will reboot, when it’s back you should be able to https to the management page

You will get a Stealthwatch is initializing screen and then finally be presented with this screen

The default username / password for the https screen is admin / lan411cope

There is one more configuration screen to go through where you can define DNS, NTP, domain name and change the password and hostname if you want.

Whilst the Management Console is rebooting you should repeat the above process for the Flow Collector as the next step in the Management Console setup is to add the flow collectors.