Implementing Cisco Security Monitoring, Analysis & Response System (MARS)
Who should attend
- Channel Partner
Fundamental knowledge of implementing network security / CCSP or Security CQS and working knowledge of routing and switching / CCNA
After completing this course the delegate will be able to:
- Describe the MARS solution, features and functions in context to the issues of security incidents and security information in an enterprise network.
- Cover the basic physical installation process.
- Add Cisco security and network devices into MARS appliance.
- Add Non-Cisco security and network devices into MARS appliance.
- Configure security devices to generate interesting events that constitute an attack scenario and have MARS collect the interesting events for incident investigation.
- Discuss attack mitigation and false positive confirmation in context to MARS appliance.
- Configure appliance to perform Incident Investigation and attack mitigation.
- Explain how to create, view and save a long-duration query and reports on the MARS appliance.
- Configure the MARS appliance to send an alert.
- Describe and configure rules that detect interesting patterns of network activity.
- Use management features in the MARS appliance to assign event, addressing, service, and user information.
- Configure hardware maintenance chores like viewing audit trail, data archiving, hot swapping hard drives, upgrading software on MARS appliance.
- Provide overview of MARS Global Controller.
- Provide overview of Log Parser Templates.
- MARS Introduction and Task Flow / Provide overview of MARS technology and STM Task Flow Overview.
- Lab 1-1 Accessing MARS 20 appliance.
- Configuring MARS,Configure administration tasks in the MARS system using User Interface.
- Lab 2-1 Adding Cisco Reporting Devices into MARS
- Lab 2-2 Adding non-Cisco Reporting Devices into MARS
- MARS Incident Investigation Configure MARS for incident investigation, create query and send alerts.
- Lab 3-1 Generating Summary Reports
- Lab 3-2 Configure appliance to perform Incident Investigation and attack mitigation.
- Lab 3-3 Creating Queries and Reports.
- MARS Rules and Management Use MARS User Interface to configure rules, management and system maintenance features.
- Lab 4-1 Distributed Threat Mitigation Lab
- Lab 4-2 Create a Custom Parser
- MARS Global Controller, Provide overview of MARS Global Controller
Duration 4 days
Price (excl. tax)
- Australia: 4,400.- AUD
- New Zealand: 4,600.- NZD
- Singapore: 3,800.- SGD
- Indonesia: Price on request
- India: 103,000.- INR
- Philippines: 103,200.- PHP
- Thailand: Price on request
- Vietnam: Price on request
- Sri Lanka: Price on request
- Cisco Learning Credits: 44 CLC
Duration 3 days
Price (excl. tax)
- Australia: 4,000.- AUD
- Cisco Learning Credits: 45 CLC
Currently there are no training dates scheduled for this course. Enquire a date