TrainingPage

MARS - Cisco Security Monitoring, Analysis, and Response System

Length: 2

Course Code: 5729

List Price: $2,295

TrainingPage Price: $2,237


Overview:

Cisco Course v2.0 | MARS v4.2 | Prepares you for Cisco Exam 642-544 MARS.
Cisco Security Monitoring, Analysis, and Response System (MARS) is a family of high-performance, scalable appliances for threat management, monitoring, and mitigation that enables you to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. With MARS solutions you can readily and accurately identify, manage, and eliminate network attacks and maintain network compliance.

Description:

1. MARS Introduction and Task Flow


Overview of MARS technology and STM Task Flow.


2. Configuring MARS


Configure administration tasks in the MARS system using the user interface.


3. MARS Incident Investigation


Configure MARS for incident investigation, create queries, and send alerts.


4. MARS Rules and Management


Use the MARS user interface to configure rules, management, and system maintenance features.


5. MARS Global Controller


Overview of MARS Global Controller.


Agenda:


Lab 1-1: Access MARS 2.0 appliance


Lab 2-1: Add Cisco Reporting Devices into MARS


Lab 2-2: Add non-Cisco Reporting Devices into MARS


Lab 3-1: Generate Summary Reports


Lab 3-2: Configure Appliance to Perform Incident Investigation and Attack Mitigation


Lab 3-3: Create Queries and Reports


Lab 4-1: Distributed Threat Mitigation


Lab 4-2: Create a Custom Parser


Audience:


  • Cisco Customer
  • Channel Partner

Objective:


  • MARS solution, features, and functions as they relate to security incidents and security information in an enterprise network
  • Basic physical installation process
  • Add Cisco security and network devices into the MARS appliance
  • Add non-Cisco security and network devices into the MARS appliance
  • Configure security devices to generate interesting events that constitute an attack scenario and have MARS collect the events for incident investigation
  • Attack mitigation and false positive confirmation in the context of the MARS appliance
  • Configure the appliance to perform incident investigation and mitigation
  • Explain how to create, view, and save a long-duration query and reports on the MARS appliance
  • Configure the MARS appliance to send an alert
  • Describe and configure rules that detect interesting patterns of network activity
  • Use management features in the MARS appliance to assign event, addressing, service, and user information
  • Configure hardware maintenance chores such as viewing the audit trail, data archiving, hot swapping hard drives, and upgrading software on the MARS appliance
  • Overview of MARS Global Controller
  • Overview of Log Parser Templates

Prerequisites:


  • Fundamental knowledge of implementing network security
  • CCSP or Security CQS and working knowledge of routing and switching
  • CCNA
