Course: Implementing Cisco Security Monitoring, Analysis and Response System (MARS) v2.0
Length: 2 days
Format: Lecture/lab

Course outline

Module 1: Cisco Security MARS Overview and STM Task Flow

Lesson 1: Introducing Cisco Security MARS

  • Cisco Security MARS Solution
  • Cisco Security MARS Product Portfolio
  • Installation Tasks and Procedures
  • Configuring Microsoft Internet Explorer
  • Initial Configuration Overview

Lesson 2: Understanding STM Task Flow

  • STM Task Flow Overview
  • Checklist for Design Phase
  • Checklist for Monitoring Phase
  • Strategies for Monitoring, Notification, Mitigation, Remediation, and Audit
  • Appliance-Side Tuning Guidelines
  • Device Inventory Worksheet
  • User Role Worksheet

Module 2: Cisco Security MARS Configuration

Lesson 1: Configuring Reporting and Mitigation Devices

  • Cisco Security MARS Levels of Operation
  • Understanding Access IP, Reporting IP, and Interface Settings
  • Adding Reporting and Mitigation Devices
  • NetFlow Overview and Configuration
  • NAC and DTM in Cisco Security MARS

Lesson 2: Adding Cisco Security and Network Devices into the Cisco Security MARS Appliance

  • Adding Cisco Router Devices
  • Cisco Switch Devices
  • Cisco Firewall Devices (PIX, ASA, and FWSM)
  • Adding Cisco VPN 3000 Series Concentrator
  • Adding Cisco NIDS and Network IPS Devices
  • Adding Cisco Host-Based IPS Devices
  • Adding Cisco Antivirus Devices
  • Configuring AAA Devices

Lesson 3: Adding Security and Network Devices from Other Vendors into the Cisco Security MARS Appliance

  • Adding Router and Switch Devices from Other Vendors
  • Adding Firewall Devices from Other Vendors
  • Adding NIDS and Network IPS Devices from Other Vendors
  • Adding Host IDS and IPS Devices from Other Vendors
  • Configuring Antivirus Devices
  • Configuring Vulnerability Assessment Devices
  • Configuring Application Hosts
  • Configuring Database Applications
  • Configuring Web Server Devices
  • Configuring Web Proxy Devices

Lesson 4: Working with User Defined Log Parser Templates

  • Overview of User Defined Log Parser Templates
  • Adding User Defined Log Parser Templates

Module 3: Cisco Security MARS Incident Investigation

Lesson 1: Network Summary

  • Summary Page
  • Dashboard
  • Network Status
  • My Reports

Lesson 2: Case Management

  • Case Management Overview

Lesson 3: Incident Investigation

  • Incidents Overview
  • Incident Mitigation
  • False-Positive Confirmation
  • Case Study: Preventing the W32 Blaster Worm
  • Queries Page
  • Reports Page

Lesson 4: Sending Notifications

  • Configuring Cisco Security MARS to Send Notifications

Module 4: Cisco Security MARS Rules and Management

Lesson 1: Cisco Security MARS Rules

  • Rules Overview
  • Configuring Rules
  • Rule Groups Overview

Lesson 2: Management Tab Overview

  • Management Overview

Lesson 3: System Maintenance

  • Overview of System Maintenance Tasks
  • Command-Line Interface
  • Upgrading the Cisco Security MARS Appliance Software

Lesson 4: Cisco Security MARS Global Controller

  • Cisco Security MARS Global Controller Overview
  • Configuring the Cisco Security MARS Global Controller
  • Summary Tab
  • Queries and Reports
  • Rules Tab
  • Management Tab
  • System Maintenance

Course labs

Lab 1-1: Accessing the Cisco Security MARS Appliance
Lab 2-1: Adding Reporting Devices into Cisco Security MARS
Lab 3-1: Generating Summary Reports
Lab 3-2: Incident Investigation and Drill Down
Lab 4-1: Creating Rules
Lab 4-2: Creating Custom Reports
Lab 4-3: Configuring DTM

