---

With Cisco Security Monitoring, Analysis, and Response System (MARS) solutions you can readily and accurately identify, manage, and eliminate network attacks and maintain network compliance. This family of appliances makes your network and security devices more effective by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities.

Our approach to MARS training uses real equipment, not virtualized devices, running the latest version of MARS software (currently version 6.0.1) to give you real-world experience with:

• MARS integration with Cisco equipment and other common software applications
• Configuring Cisco Security Manager (CSM) with a Cisco IPS
• Performing an attack scenario to cross-launch the incident from MARS to CSM
• Live MARS appliance (not virtual) running version 6.x of code
• Symantec AntiVirus Server

Highlights

• MARS design solutions, features, and functions as they relate to security incidents and security information in an enterprise network
• Basic physical installation process
• Adding Cisco and non-Cisco security and network devices into the MARS appliance
• Configure network devices including ASAs, routers, switches, and an IPS to generate attack scenarios and use MARS for incident investigation
• Attack mitigation and false positive confirmation
• Configure appliance to perform incident investigation and mitigation
• Create, view, and save a long-duration query and reports
• Configure the MARS appliance to send alerts
• Configure rules that detect interesting patterns of network activity
• Use Case Management features to assign incidents to specific users for follow up
• Configure hardware maintenance chores such as viewing audit trails, data archiving, and upgrading software
• Overview of MARS Global Controller
• Overview and configuration of Log Parser Templates
• Overview of Distributed Threat Mitigation using the Cisco IOS IPS
• Configure antivirus software to report a live virus
• MARS Interaction with Cisco Security Manager
• Basic configuration of a Cisco IPS in Cisco Security Manager
• Configure various Windows Servers (2003 and 2000) to use SNARE and RPC to report log events
• New MARS 6.x-only enhancements, including Device Management and forum-based custom parsers

Course Outline

1. MARS Overview and STM Task Flow

• MARS solution and its role in Threat Defense System management
• Deploy Cisco Security MARS as an STM system in your network

2. Configuration

• Configure network reporting devices from Cisco and other vendors
• Configure user-defined log parser templates

3. Incident Investigation

• Use the Summary page menu to get an overview of your network
• Examine case management features that can capture, combine, and preserve user-selected data within a specialized report
• Explore the process of incident investigation and attack mitigation in a MARS appliance
• Configure MARS to send a notification

4. Rules and Management

• Configure a rule (or rules) to detect interesting patterns of network activity and other anomalous network behavior
• Use management features to add, edit, and delete events, IP addressing, IP service, and IP user information
• Perform system maintenance tasks
• Features and functions of the Cisco Security MARS Global Controller

Space is limited. Register today to save your space!