Implementing Cisco Security Monitoring, Analysis and Response System v3.x (MARS) — A 4-Day Course
Please note that this course has been retired and is no longer available. Please see the Cisco page for courses currently available in this subject area.
The Cisco Security Monitoring Analysis and Response System (CS-MARS) is part of the Cisco Security Management Suite which provides security monitoring for network security devices and host application made by Cisco or non-Cisco providers. In addition to event correlation and data reduction features found in SIM products, CS-MARS also provides topology awareness and automatic mitigation features. In knowing the topology of a network, CS-MARS can determine where the attack is originating and apply the appropriate remediation. CS-MARS is a key component in the Cisco Self Defending Network strategy. CS-MARS exchanges information with CS-Manager to provide a unified security management solution. For example, an administrator can view IPS signatures or the Firewall block / permit syslog messages received from sensors or firewalls. CS-MARS will communicate with CS-Manager and display the IPS signature table or firewall rule table. From there the IPS signature or firewall rule can be modified as necessary. Together CS-MARS and CS-Manager provide a unified management solution for monitoring and provisioning.
After completing this course, students will be able to:
- Use CS-MARS to monitor security and host application devices
- Know CS-MARS architecture and how CS-MARS process events
- Know how to use archive and restore features
- Use CS-MARS to run / create / customize reports
- Use CS-MARS to investigate an incident and mitigate the security threats
- Use CS-MARS to do customer parser for unknown devices in CS-MARS
- Use CS-MARS to create / customize rules that detects dark net through best practices example
- Know how to tune signature / log level on device side and CS-MARS side
This course is aimed at:
- Channel Partner / Reseller
- Fundamental knowledge of implementing network security / CCSP or Security CQS and working knowledge of routing and switching / CCNA
This MARS training course is recommended as preparation for exam:
This course has been retired and is no longer available.