Implementing Cisco Security Monitoring, Analysis & Response System (MARS)
Who Should Attend
- Channel Partner / Reseller
- Customer
- Employee
Prerequisites
CCNA Security is a prerequisite Implementing Cisco IOS Network Security (IINS)
Recommended courses:
Securing Networks with Cisco Routers and Switches (SECURE)
!CI-SNAF
Course Objectives
Upon completing this course, you will be able to meet these objectives:
- Use CS-MARS to monitor security and host application devices.
- Know CS-MARS architecture and how CS-MARS process events.
- Know how to use archive and restore features.
- Use CS-MARS to run / create / customize reports
- Use CS-MARS to investigate an incident and mitigate the security threats.
- Use CS-MARS to do customer parser for unknown devices in CS-MARS.
- Use CS-MARS to create / customize rules that detects dark net through best practices example.
- Know how to tune signature / log level on device side and CS-MARS side.
Course Content
The Cisco Security Monitoring Analysis and Response System (CS-MARS) is part of the Cisco Security Management Suite which provides security monitoring for network security devices and host application made by Cisco or non-Cisco providers. In addition to event correlation and data reduction features found in SIM products, CS-MARS also provides topology awareness and automatic mitigation features. In knowing the topology of a network, CS-MARS can determine where the attack is originating and apply the appropriate remediation. CS-MARS is a key component in the Cisco Self Defending Network strategy. CS-MARS exchanges information with CS-Manager to provide a unified security management solution. For example, an administrator can view IPS signatures or the Firewall block / permit syslog messages received from sensors or firewalls. CS-MARS will communicate with CS-Manager and display the IPS signature table or firewall rule table. From there the IPS signature or firewall rule can be modified as necessary. Together CS-MARS and CS-Manager provide a unified management solution for monitoring and provisioning.
- Introducing Cisco Security Monitoring, Analysis, and Response System
- Understanding the System Architecture
- Configuring a Cisco Security MARS Appliance
- Adding Reporting and Mitigation Devices
- Viewing the Summary Page
- Managing Rules
- Understanding Queries and Reports
- Investigating and Mitigating Incidents
- Working with User-Defined Log Parser Templates
- Integrating with Cisco Security Manager
- Managing and Administering the System
- Troubleshooting and Optimizing Cisco Security MARS
- Using the Cisco Security MARS Global Controller
- Course Review
Duration: 4 days
Price (VAT excl.):
- Belgium: 2,495.- €
- The Netherlands: 2,495.- €
Cisco Learning Credits:
33 CLC
Belgium
Currently no local training dates available.
Europe
Germany
| 10-07-2012 - 13-07-2012 | Munich | Enroll | |
| 07-08-2012 - 10-08-2012 | Frankfurt | Enroll | |
| 25-09-2012 - 28-09-2012 | Stuttgart | Enroll | |
| 16-10-2012 - 19-10-2012 | Düsseldorf | Enroll | |
| 06-11-2012 - 09-11-2012 | Berlin Course Language: English | Enroll | |
| 06-11-2012 - 09-11-2012 | Berlin | Enroll | |
| 04-12-2012 - 07-12-2012 | Hamburg | Enroll |
Switzerland
| 21-08-2012 - 24-08-2012 | Zurich | Enroll |
United Kingdom
| 02-07-2012 - 05-07-2012 | London (Rosebery) | Enroll |
North America
United States
| 09-07-2012 - 12-07-2012 | Rosemount, IL Public | Enroll |
Latin America
Mexico
| 01-10-2012 - 04-10-2012 | Mexico City | Enroll |