Implementing Cisco Security Monitoring Analysis and Response System v3.x

MARS - Implementing Cisco Security Monitoring Analysis and Response System v3.x

Course Certifications

This course is part of the following Certifications:

• Cisco Certified Security Professional (CCSP).

Course Content

The Cisco Security Monitoring Analysis and Response System (CS-MARS) is part of the Cisco Security Management Suite which provides security monitoring for network security devices and host application made by Cisco or non-Cisco providers. In addition to event correlation and data reduction features found in SIM products, CS-MARS also provides topology awareness and automatic mitigation features. In knowing the topology of a network, CS-MARS can determine where the attack is originating and apply the appropriate remediation. CS-MARS is a key component in the Cisco Self Defending Network strategy. CS-MARS exchanges information with CS-Manager to provide a unified security management solution. For example, an administrator can view IPS signatures or the Firewall block / permit syslog messages received from sensors or firewalls. CS-MARS will communicate with CS-Manager and display the IPS signature table or firewall rule table. From there the IPS signature or firewall rule can be modified as necessary. Together CS-MARS and CS-Manager provide a unified management solution for monitoring and provisioning.

• Introducing Cisco Security Monitoring, Analysis, and Response System
• Understanding the System Architecture
• Configuring a Cisco Security MARS Appliance
• Adding Reporting and Mitigation Devices
• Viewing the Summary Page
• Managing Rules
• Understanding Queries and Reports
• Investigating and Mitigating Incidents
• Working with User-Defined Log Parser Templates
• Integrating with Cisco Security Manager
• Managing and Administering the System
• Troubleshooting and Optimizing Cisco Security MARS
• Using the Cisco Security MARS Global Controller
• Course Review.