---

Cisco Monitoring, Analysis, and Response System (MARS) training helps you accurately identify, manage, and eliminate network attacks so you can maintain network compliance.

Our enhanced and exclusive labs surpass the standard Cisco MARS training course. You'll use real equipment, not virtualized or demo-only devices, running the latest version of MARS software (currently version 6.1.1) to train on newer features, including enhanced MARS to CSM interaction. This gives you real-world experience with:

• Integrating MARS with Cisco equipment and other common software applications
• Configuring Cisco Security Manager (CSM v4.0) with a Cisco IPS
• Performing an attack scenario to cross launch the incident from MARS to CSM
• Device management and forum-based custom parsers
• Handling incidents and generating reports
• The latest configurations available using ASA code 8.3
• Integrating a Symantec AntiVirus Server
• Using current software and hardware, including Windows, an ASA 5520 Firewall, a Catalyst 3560 L2/L3 switch, 2811 IOS routers, and ACS version 4.2 and native syslog configuration

Since our equipment is live, it's no problem if you want to try something outside the scope of the standard labs. You can reset to any individual lab on the fly, allowing you to revisit labs or skip ahead without fear of missing crucial configurations in between.

A Global Knowledge Exclusive: Bonus Lab Credits

You'll receive five extra security e-Lab credits (good for 30 days) to review a topic after class, refine your skills, or get in extra practice-whatever lab activities complete your training.

Highlights

• MARS design solutions, features, and functions as they relate to security incidents and security information in an enterprise network
• Basic physical installation process
• Adding Cisco and non-Cisco security and network devices into the MARS appliance
• Configure network devices including ASAs, routers, switches, and an IPS to generate attack scenarios and use MARS for incident investigation
• Attack mitigation and false positive confirmation
• Configure appliance to perform incident investigation and mitigation
• Create, view, and save a long-duration query and reports
• Configure the MARS appliance to send alerts
• Configure rules that detect interesting patterns of network activity
• Use Case Management features to assign incidents to specific users for follow up
• Configure hardware maintenance chores such as viewing audit trails, data archiving, and upgrading software
• Overview of MARS Global Controller
• Overview and configuration of Log Parser Templates
• Overview of Distributed Threat Mitigation using the Cisco IOS IPS
• Configure antivirus software to report a live virus
• MARS interaction with Cisco Security Manager v4.0
• Basic configuration of a Cisco IPS in Cisco Security Manager
• Configure various Windows Servers (2008, 2000) to use SNARE and RPC to report log events
• Configure SNMP version 3 on IOS and ASA devices and configure MARS to work accordingly
• Use ASA version 8.3 code to investigate the latest configuration and log data sent to MARS
• Configure an SFTP configuration for data archiving
• Configure the Cisco ACS to send native syslogs to MARS
• Integrate a Symantec AntiVirus Server
• Device configuration (routers, IPS, windows server logs, CSM etc.)

Course Outline

1. MARS Overview and STM Task Flow

• MARS solution and its role in Threat Defense System management
• Deploy Cisco Security MARS as an STM system in your network

2. Configuration

• Configure network reporting devices
• Configure user-defined log parser templates

3. Incident Investigation

• Use the Summary page menu to get an overview of your network
• Examine case management features that can capture, combine, and preserve user-selected data within a specialized report
• Explore the process of incident investigation and attack mitigation in a MARS appliance
• Configure MARS to send a notification

4. Rules and Management

• Configure rule(s) to detect interesting patterns of network activity and other anomalous network behavior
• Use management features to add, edit, and delete events, IP addressing, IP service, and IP user information
• Perform system maintenance tasks
• Features and functions of the Cisco Security MARS Global Controller

Space is limited. Register today to save your space!