> > > MARS

Implementing Cisco Security Monitoring, Analysis & Response System (MARS)

Course Description Schedule
 

Who should attend

  • Customer
  • Channel Partner
  • Reseller
  • Employee

Prerequisites

Fundamental knowledge of implementing network security / CCSP or Security CQS and working knowledge of routing and switching / CCNA

Course Objectives

After completing this course the delegate will be able to:

  • Describe the MARS solution, features and functions in context to the issues of security incidents and security information in an enterprise network.
  • Cover the basic physical installation process.
  • Add Cisco security and network devices into MARS appliance.
  • Add Non-Cisco security and network devices into MARS appliance.
  • Configure security devices to generate interesting events that constitute an attack scenario and have MARS collect the interesting events for incident investigation.
  • Discuss attack mitigation and false positive confirmation in context to MARS appliance.
  • Configure appliance to perform Incident Investigation and attack mitigation.
  • Explain how to create, view and save a long-duration query and reports on the MARS appliance.
  • Configure the MARS appliance to send an alert.
  • Describe and configure rules that detect interesting patterns of network activity.
  • Use management features in the MARS appliance to assign event, addressing, service, and user information.
  • Configure hardware maintenance chores like viewing audit trail, data archiving, hot swapping hard drives, upgrading software on MARS appliance.
  • Provide overview of MARS Global Controller.
  • Provide overview of Log Parser Templates.

Course Content

Cisco Systems offers the Mitigation and Response System (MARS) family of high performance, scalable appliances for threat management, monitoring and mitigation, enabling customers to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification and automated mitigation capabilities. CS MARS solutions empower customers to readily and accurately identify, manage and eliminate network attacks and maintain network compliance.

  • MARS Introduction and Task Flow / Provide overview of MARS technology and STM Task Flow Overview.
  • Lab 1-1 Accessing MARS 20 appliance.
  • Configuring MARS,Configure administration tasks in the MARS system using User Interface.
  • Lab 2-1 Adding Cisco Reporting Devices into MARS
  • Lab 2-2 Adding non-Cisco Reporting Devices into MARS
  • MARS Incident Investigation Configure MARS for incident investigation, create query and send alerts.
  • Lab 3-1 Generating Summary Reports
  • Lab 3-2 Configure appliance to perform Incident Investigation and attack mitigation.
  • Lab 3-3 Creating Queries and Reports.
  • MARS Rules and Management Use MARS User Interface to configure rules, management and system maintenance features.
  • Lab 4-1 Distributed Threat Mitigation Lab
  • Lab 4-2 Create a Custom Parser
  • MARS Global Controller, Provide overview of MARS Global Controller

Fast Lane has produced a unique CD which is to be distributed free to students on security and wireless courses. It contains Security, Penetration and Wireless tools, freeware programs, and additional information to support and enhance what students will learn on the course.

Classroom Training

Duration 4 days

Price (excl. tax)
Dates and Booking
Online Training

Duration 3 days

Price (excl. tax)
  • Australia: 4,000.- AUD
  • Cisco Learning Credits: 45 CLC
Dates and Booking
 
Schedule

Currently there are no training dates scheduled for this course.  Enquire a date