Implementing Cisco Security Monitoring, Analysis and Response System v3.x (MARS) — A 4-Day Course

contact usEnquire about this course

Synopsis

Please note that this course has been retired and is no longer available. Please see the Cisco page for courses currently available in this subject area.

The Cisco Security Monitoring Analysis and Response System (CS-MARS) is part of the Cisco Security Management Suite which provides security monitoring for network security devices and host application made by Cisco or non-Cisco providers. In addition to event correlation and data reduction features found in SIM products, CS-MARS also provides topology awareness and automatic mitigation features. In knowing the topology of a network, CS-MARS can determine where the attack is originating and apply the appropriate remediation. CS-MARS is a key component in the Cisco Self Defending Network strategy. CS-MARS exchanges information with CS-Manager to provide a unified security management solution. For example, an administrator can view IPS signatures or the Firewall block / permit syslog messages received from sensors or firewalls. CS-MARS will communicate with CS-Manager and display the IPS signature table or firewall rule table. From there the IPS signature or firewall rule can be modified as necessary. Together CS-MARS and CS-Manager provide a unified management solution for monitoring and provisioning.

Course Objectives

After completing this course, students will be able to:

Intended Audience

This course is aimed at:

Prerequisites

Certification

This MARS training course is recommended as preparation for exam:

Schedule

This course has been retired and is no longer available.


Outline Course Contents

Introducing Cisco Security Monitoring, Analysis, and Response System

Understanding the System Architecture

Configuring a Cisco Security MARS Appliance

Adding Reporting and Mitigation Devices

Viewing the Summary Page

Managing Rules

Understanding Queries and Reports

Investigating and Mitigating Incidents

Working with User-Defined Log Parser Templates

Integrating with Cisco Security Manager

Managing and Administering the System

Troubleshooting and Optimizing Cisco Security MARS

Using the Cisco Security MARS Global Controller

Course Review