MARS v3.0 - Cisco Security Monitoring, Analysis and Response System (MARS v3.0)


Duration:4 days

Price:$2,995.00

Test Level:0

Certifications:
  • No Certification
Exams:
  • No Exam

Description

The Cisco Security Monitoring, Analysis and Response System (CS-MARS) is part of the Cisco Security Management Suite. It provides security monitoring for network security devices and host applications from Cisco and from third-party vendors. In addition to the event correlation and data reduction features found in SIM products, CS-MARS adds topology awareness and automatic mitigation. Because it knows the topology of the network, CS-MARS can determine where an attack is originating and apply the appropriate remediation at the enforcement point closest to it. CS-MARS is a key component of the Cisco Self-Defending Network strategy. CS-MARS also exchanges information with Cisco Security Manager (CS-Manager) to provide a unified security management solution. For example, when an administrator views an IPS signature event or a firewall block/permit syslog message received from a sensor or firewall, CS-MARS queries CS-Manager and displays the matching IPS signature table or firewall rule table, from which the signature or rule can be modified as needed. Together, CS-MARS and CS-Manager provide a unified management solution for monitoring and provisioning.

Objectives

Upon completing this course, the learner will be able to meet these overall objectives:

  • Use CS-MARS to monitor security devices and host applications.
  • Describe the CS-MARS architecture and how CS-MARS processes events.
  • Use the archive and restore features.
  • Use CS-MARS to run, create and customize reports.
  • Use CS-MARS to investigate an incident and mitigate the security threat.
  • Create a custom parser for devices that CS-MARS does not natively support.
  • Create and customize rules that detect traffic to darknet (unused, unadvertised) address space, following a best-practice example.
  • Tune signature and log levels on both the reporting device and CS-MARS.
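The custom-parser and darknet-rule objectives above (covered in Lessons 6 and 9) combine naturally: a user-defined parser turns raw syslog from an unsupported device into normalized events, and an inspection rule then counts how many darknet destinations a single source touches inside a time window. The following Python is an added example written for this outline; it is not CS-MARS code and does not use Cisco's template syntax. The log format, the darknet range 10.250.0.0/16, the threshold of three distinct targets and the five-minute window are all assumptions, and the sample log lines are constructed.

```python
"""Added example: a user-defined log parser template plus a darknet inspection rule.

Not CS-MARS code. The vendor log format below is hypothetical, and the darknet
range, threshold and window are assumptions chosen for the illustration.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical third-party firewall format (constructed for this example):
#   <ISO timestamp> <hostname> DENY|PERMIT proto=<p> src=<ip>:<port> dst=<ip>:<port>
# The named groups play the role of the fields a parser template maps into events.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<action>DENY|PERMIT) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Assumed darknet: routed address space with no legitimate hosts, so any
# connection attempt into it is reconnaissance or worm propagation.
DARKNET = [ipaddress.ip_network("10.250.0.0/16")]

# Constructed sample log. One source sweeps three darknet hosts within seconds,
# returns later outside the window, and one line does not match the template.
SAMPLE_LOG = """\
2024-05-01T10:00:01 fw01 DENY proto=tcp src=203.0.113.5:40001 dst=10.250.1.1:445
2024-05-01T10:00:02 fw01 DENY proto=tcp src=203.0.113.5:40002 dst=10.250.1.2:445
2024-05-01T10:00:03 fw01 PERMIT proto=tcp src=198.51.100.7:51000 dst=10.1.1.10:443
2024-05-01T10:00:04 fw01 DENY proto=tcp src=203.0.113.5:40003 dst=10.250.1.3:445
2024-05-01T10:00:05 fw01 DENY proto=udp src=198.51.100.9:1234 dst=10.250.7.7:161
2024-05-01T10:12:00 fw01 DENY proto=tcp src=203.0.113.5:40004 dst=10.250.1.4:445
2024-05-01T10:00:09 fw01 this line does not match the template
"""


def parse_event(line):
    """Apply the parser template to one line; return a field dict or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def parse_log(text):
    """Split a log into parsed events and the raw lines the template rejected.

    Unparsed lines are kept rather than dropped so the template can be tuned.
    """
    events, unparsed = [], []
    for line in text.splitlines():
        event = parse_event(line)
        if event is None:
            unparsed.append(line)
        else:
            events.append(event)
    return events, unparsed


def in_darknet(ip):
    """True if the address falls inside any assumed darknet range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DARKNET)


def darknet_rule(events, threshold=3, window=timedelta(minutes=5)):
    """Inspection rule: fire once per source that reaches at least `threshold`
    distinct darknet destinations inside any `window`-long interval."""
    hits = defaultdict(list)  # src -> [(ts, dst)] in time order
    for e in sorted(events, key=lambda e: e["ts"]):
        if in_darknet(e["dst"]):
            hits[e["src"]].append((e["ts"], e["dst"]))

    incidents = []
    for src, seq in hits.items():
        for i, (start, _) in enumerate(seq):
            in_window = [(t, d) for t, d in seq[i:] if t - start <= window]
            targets = {d for _, d in in_window}
            if len(targets) >= threshold:
                incidents.append({
                    "src": src,
                    "first": start,
                    "last": in_window[-1][0],
                    "targets": sorted(targets),
                })
                break  # one incident per source is enough for this rule
    return incidents


if __name__ == "__main__":
    evts, bad = parse_log(SAMPLE_LOG)
    print(f"parsed {len(evts)} events, {len(bad)} unparsed line(s)")
    for inc in darknet_rule(evts):
        print(f"darknet sweep from {inc['src']}: {inc['targets']} "
              f"between {inc['first']} and {inc['last']}")
```

The rule keys on distinct destinations rather than raw packet count so that a single host retrying one closed port does not trip it, and the sweep at 10:12 falls outside the window and is deliberately not counted; raising the threshold or widening the window is the tuning step the course describes for the CS-MARS side.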

Who Should Attend

  • Engineers who support sales of Cisco security product solutions
  • Cisco channel partners who sell, implement, and maintain secure networks
  • Cisco customers who implement and maintain secure networks

Course Outline

  • Lesson 1:Introducing Cisco Security Monitoring, Analysis, and Response System
    • Effective Security Monitoring and Management
    • Cisco Self-Defending Network and the Role of Cisco Security MARS
    • Cisco Security MARS
    • Cisco Security MARS Terminology
    • Cisco Security MARS Technologies
    • Cisco Security MARS User Interface
    • Cisco Security MARS Product Portfolio
  • Lesson 2:Understanding the System Architecture
    • Cisco Security MARS Software Components
    • Cisco Security MARS Process Flow Details
  • Lesson 3:Configuring a Cisco Security MARS Appliance
    • Initial Cisco Configuration Overview
    • Scenario: Configuration Tasks
    • Deployment Planning Guidelines
  • Lesson 4:Adding Reporting and Mitigation Devices
    • Overview of Reporting and Mitigation Devices
    • Scenario: Adding a Cisco Reporting Device and Enabling NetFlow
    • Data-Enabling Features of Cisco Security MARS
    • Integrating Cisco Security MARS with Third-Party Applications
  • Lesson 5:Viewing the Summary Page
    • Summary Page Overview
    • Dashboard
    • Network Status
    • My Reports
    • Scenario: Getting Information from the Summary Page
  • Lesson 6:Managing Rules
    • Rules Overview
    • Working with System and User Inspection Rules
    • Working with Drop Rules
    • Rule Groups Overview
  • Lesson 7:Understanding Queries and Reports
    • Query Page
    • Scenario: Configuring a Query
    • Reports Page
    • Scenario: Configuring a System Report
  • Lesson 8:Investigating and Mitigating Incidents
    • Incidents Overview
    • Incidents
    • Scenario: Role of Cisco Security MARS in Your Network
    • False Positives
    • Case Management
    • Scenario: Configuring a Case to Track an Incident
    • Configuring Notifications
    • Case Study: Preventing the W32 Blaster Worm
  • Lesson 9:Working with User-Defined Log Parser Templates
    • Overview of User-Defined Log Parser Templates
    • Scenario: Configuring a Custom Parser
  • Lesson 10:Integrating with Cisco Security Manager
    • Overview of Cisco Security Manager Policy Table Lookup
    • Scenario: Invoking Cisco Security Manager Policy Table Lookup from Cisco Security MARS
  • Lesson 11:Managing and Administering the System
    • Management Overview
    • Overview of System Maintenance Tasks
    • IPS Signature Dynamic Update Settings
    • Upgrading the Cisco Security MARS Appliance Software
    • Migrating Data from Cisco Security MARS 4.3.x to 5.3.x
  • Lesson 12:Troubleshooting and Optimizing Cisco Security MARS
    • Hardware Installation Issues
    • Device Configuration Issues
    • Global Controller-to-Local Controller Communications
    • Sizing Cisco Security MARS Deployment
    • Tuning Cisco Security MARS
    • Securing Cisco Security MARS
  • Lesson 13:Using the Cisco Security MARS Global Controller
    • Cisco Security MARS Global Controller Overview
    • Configuring the Cisco Security MARS Global Controller
    • Summary Tab
    • Incidents Tab
    • Queries and Reports
    • Rules Tab
    • Management Tab
    • System Maintenance Tab
  • Lesson 14:Course Review: Cisco Security MARS at Work
    • Cisco Security MARS At Work

Lab Outline

  • Pre-Lab Activity: Accessing the Remote Lab
  • Lab 3: Accessing the Cisco Security MARS Appliance
  • Lab 4-1: Adding Reporting Devices and Enabling NetFlow
  • Lab 4-2: Configuring the Syslog Forwarding Feature
  • Lab 5: Generating Summary Reports
  • Lab 6-1: Configuring Cisco Security MARS Event Types
  • Lab 6-2: Configuring an Inspection Rule
  • Lab 7: Performing a Query and Creating a Custom Report
  • Lab 8: Performing Incident Investigation and Mitigation
  • Lab 9: Configuring the Custom Parser
  • Lab 10: Performing Cisco Security Manager Policy Lookup
  • Lab 11-1: Reviewing the CLI and Upgrading the Device Version
  • Lab 11-2: Configuring IPS Auto Signature Download
  • Lab 11-3: Configuring AAA RADIUS Authentication and Working with the Account Locking and Session Timeout Menu
  • Lab 11-4: Retrieving Raw Messages

Prerequisites

  • Cisco CCSP certified or equivalent knowledge
  • A passing score on the Securing Cisco IOS Networks (SECUR) exam (642-501), the Securing Networks with Cisco Routers and Switches (SNRS) exam (642-502), or both
  • At least six months of practical experience configuring Cisco routers and security products
  • Familiarity with implementing network security policies and these networking components and concepts:
    • Perimeter security system components: Perimeter router, firewall, intrusion prevention system (IPS), virtual private network (VPN), and demilitarized zone (DMZ) host
    • Servers: Cisco Security Manager; syslog; authentication, authorization, and accounting (AAA); Cisco Secure Access Control Server (Cisco Secure ACS); and FTP
    • Protocols: syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), FTP, and Telnet

Upcoming Classes

There are no scheduled classes for this course at this time. Call 1(866)399-8287 to make a request.
