 

CISCO

 
   
Course Name: Cisco Security Monitoring, Analysis, and Response System v3.0 (MARS) Training
   
Deployment Options: Onsite - Instructor-Led Training
   
Course Duration: 4 days depending on audience background and options
   
 
 
Introduction:
 
Cisco Security Monitoring, Analysis, and Response System (MARS) is a family of high-performance, scalable appliances for threat management, monitoring, and mitigation that enables you to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. With MARS solutions you can readily and accurately identify, manage, and eliminate network attacks and maintain network compliance.
 
Audience:
 
  • Cisco Customer
  • Channel Partner
 
Prerequisites:
 
  • Fundamental knowledge of implementing network security
  • CCSP or Security CQS and working knowledge of routing and switching
  • CCNA Security Certification
 
Customize it:
 
This 4-day Cisco MARS course will be customized to your needs and specifications. Eno.com will assist you in identifying those needs and specifications. A word to the wise: there are many vendors of IT security training. They will typically have a broad and general course, one size fits all, already developed, and will just put your organization's name on the title slide. This minimizes their effort and time investment. At Eno.com, every course is made to your exact and exacting specifications. We help you ensure what you are getting is what you really need, even if at the beginning you weren't too sure of what that was. We fit the class to your needs. We never fit you into our standard, one size fits all, class. Please call or e-mail to schedule a no-obligation conference call to help us understand your audience background and training objectives.
 
Objectives:
 

What You'll Learn

  • MARS design solutions, features, and functions as they relate to security incidents and security information in an enterprise network
  • Basic physical installation process
  • Add Cisco security and network devices into the MARS appliance
  • Add non-Cisco security and network devices into the MARS appliance
  • Configure network devices including ASAs, Routers, Switches, and an IPS to generate events that constitute an attack scenario and have MARS collect the events for incident investigation
  • Attack mitigation and false positive confirmation in context of MARS appliance
  • Configure appliance to perform Incident Investigation and Mitigation
  • Create, view, and save a long-duration query and reports on the MARS appliance
  • Configure the MARS appliance to send alerts
  • Configure rules that detect interesting patterns of network activity
  • Use Case Management features in the MARS appliance to assign incidents to specific MARS users for follow up
  • Configure hardware maintenance chores such as viewing audit trails, data archiving, and upgrading software on MARS appliance
  • Overview of MARS Global Controller
  • Overview and configuration of Log Parser Templates
  • Overview of Distributed Threat Mitigation using the Cisco IOS IPS
  • Configure antivirus software to report a live virus
  • MARS Interaction with Cisco Security Manager
  • Basic configuration of a Cisco IPS in Cisco Security Manager
  • Configure various Windows Servers (2003 and 2000) to use SNARE and RPC to report log events to MARS
  • Features new to MARS 6.x, including forum-based custom parsers
  • New MARS 6.x-only enhancements to the interface including Device Management
 
Course Outline and Labs Taught
 
1. Cisco Security MARS Overview and STM Task Flow

  • Cisco Security MARS solution and its role in Cisco Threat Defense System management
  • Deploy Cisco Security MARS as an STM system in your network

2. Cisco Security MARS Configuration

  • Configure the network reporting devices to work with the Cisco Security MARS appliance
  • Configure Cisco reporting devices to work with the Cisco Security MARS appliance
  • Configure reporting devices from other vendors to work with the Cisco Security MARS appliance
  • Configure user-defined log parser templates on the Cisco Security MARS appliance

3. Cisco Security MARS Incident Investigation

  • Use the Summary page menu to get an overview of your network
  • Examine case management features that can capture, combine, and preserve user-selected Cisco Security MARS data within a specialized report called a case
  • Explore the process of incident investigation and attack mitigation in a Cisco Security MARS appliance
  • Configure the Cisco Security MARS appliance to send a notification

4. Cisco Security MARS Rules and Management

  • Configure a rule (or rules) that detect interesting patterns of network activity and other anomalous network behavior
  • Use the management features in the Cisco Security MARS appliance to add, edit, and delete event, IP addressing, service, and user information
  • Perform system maintenance tasks on the Cisco Security MARS appliance
  • Features and functions of the Cisco Security MARS Global Controller
 

For organizational purchases, please send us a message at salesinfo@eno.com or complete and submit this form.