Implementing Cisco Security Monitoring, Analysis and Response System v3.x (MARS) — A 4-Day Course

Synopsis

The Cisco Security Monitoring Analysis and Response System (CS-MARS) is part of the Cisco Security Management Suite which provides security monitoring for network security devices and host application made by Cisco or non-Cisco providers. In addition to event correlation and data reduction features found in SIM products, CS-MARS also provides topology awareness and automatic mitigation features. In knowing the topology of a network, CS-MARS can determine where the attack is originating and apply the appropriate remediation. CS-MARS is a key component in the Cisco Self Defending Network strategy. CS-MARS exchanges information with CS-Manager to provide a unified security management solution. For example, an administrator can view IPS signatures or the Firewall block / permit syslog messages received from sensors or firewalls. CS-MARS will communicate with CS-Manager and display the IPS signature table or firewall rule table. From there the IPS signature or firewall rule can be modified as necessary. Together CS-MARS and CS-Manager provide a unified management solution for monitoring and provisioning.

Course Objectives

After completing this course, students will be able to:

Use CS-MARS to monitor security and host application devices.
Know CS-MARS architecture and how CS-MARS process events.
Know how to use archive and restore features.
Use CS-MARS to run / create / customize reports
Use CS-MARS to investigate an incident and mitigate the security threats.
Use CS-MARS to do customer parser for unknown devices in CS-MARS.
Use CS-MARS to create / customize rules that detects dark net through best practices example.
Know how to tune signature / log level on device side and CS-MARS side.

Intended Audience

This course is aimed at:

Channel Partner / Reseller
Customer
Employee

Prerequisites

CCSP

Certification

This MARS training course is recommended as preparation for exam:

642-544 MARS

MARS is part of the CCSP certification path.

Publicly scheduled dates, locations, and prices

London — £1595 (+VAT)

6–9 Apr 2010
4–7 May 2010
4–7 Oct 2010

Wokingham — £1595 (+VAT)

26–29 Jul 2010

Outline Course Contents

Introducing Cisco Security Monitoring, Analysis, and Response System

Understanding the System Architecture

Configuring a Cisco Security MARS Appliance

Adding Reporting and Mitigation Devices

Viewing the Summary Page

Managing Rules

Understanding Queries and Reports

Investigating and Mitigating Incidents

Working with User-Defined Log Parser Templates

Integrating with Cisco Security Manager

Managing and Administering the System

Troubleshooting and Optimizing Cisco Security MARS

Using the Cisco Security MARS Global Controller

Course Review

Printer-friendly version

Cisco training UK enquiries

UK Training enquiries and feedback form.

Cisco training UK prices

For publicly scheduled training (individual places), see our UK training schedule.

For current special offers on courses, see our Special Offers section.

In-house training for company groups is charged at a daily rate per group — see our In-House UK Training Guidelines.

Publicly Scheduled Training Locations

We currently run public training courses across the UK including following locations:

London, UK
Leeds, West Yorkshire, UK
Aberdeen, Scotland, UK
Bradford, West Yorkshire, UK
Birmingham, West Midlands, UK
Bournemouth, Dorset, UK
Bristol, South West
Carshalton, Surrey, UK
Chester, North West, UK
Cheshire, North West, UK
Coventry, West Midlands, UK
Crawley, West Sussex, UK
Derby, East Midlands, UK
Dublin, Ireland
Edinburgh, Scotland, UK
Exeter, South West, UK
Glasgow, Scotland, UK
Harrogate, North Yorkshire, UK
Harwell, Oxfordshire, UK
Hinckley, Leicestershire, UK
Lancashire, North West, UK
Liverpool, North west, UK
Maidenhead, Berkshire, UK
Manchester, North West, UK
Milton Keynes, Buckinghamshire, UK
Nottinghamshire, East Midlands, UK
Reading, Berkshire, UK
Sheffield, South Yorkshire, UK
Slough, Berkshire, UK
Stevenage, Hertfordshire, UK
Swindon, South West, UK
Tyne and Wear, North East, UK
Wakefield, West Yorkshire, UK
Wokingham, Berkshire, UK
Wiltshire, South West, UK
Wirral, North West, UK

Most UK public training courses are available on a monthly basis.

Please see the individual course outlines or our public training schedule for details.

In-house (on-site) training locations

We deliver in-house courses at client premises and/or training facilities in any part of the world which is practically and commercially accessible.

Our In-house training guidelines outline our basic requirements and our UK pricing structure. To estimate costs for training in other countries, simply convert to your local currency and then make a rough calculation of our tutor's costs for travelling to and staying at your location.