Convergent Communications, Inc. - A Cisco Systems Learning Partner

Cisco Security Monitoring, Analysis, and Response System v3.0 (MARS) - 4-Day Hands-on Cisco Authorized Course


Course Description

Cisco Security Monitoring, Analysis, and Response System (MARS) is a family of high-performance, scalable appliances for threat management, monitoring, and mitigation that enables you to make more effective use of network and security devices by combining network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. With MARS solutions you can readily and accurately identify, manage, and eliminate network attacks and maintain network compliance.


Course Objectives

  • MARS design solutions, features, and functions as they relate to security incidents and security information in an enterprise network
  • Basic physical installation process
  • Add Cisco security and network devices into the MARS appliance
  • Add non-Cisco security and network devices into the MARS appliance
  • Configure network devices including ASAs, Routers, Switches, and an IPS to generate events that constitute an attack scenario and have MARS collect the events for incident investigation
  • Attack mitigation and false positive confirmation in the context of the MARS appliance
  • Configure the appliance to perform incident investigation and mitigation
  • Create, view, and save a long-duration query and reports on the MARS appliance
  • Configure the MARS appliance to send alerts
  • Configure rules that detect interesting patterns of network activity
  • Use Case Management features in the MARS appliance to assign incidents to specific MARS users for follow up
  • Configure hardware maintenance chores such as viewing audit trails, data archiving, and upgrading software on the MARS appliance
  • Overview of MARS Global Controller
  • Overview and configuration of Log Parser Templates
  • Overview of Distributed Threat Mitigation using the Cisco IOS IPS
  • Configure antivirus software to report a live virus
  • MARS Interaction with Cisco Security Manager
  • Basic configuration of a Cisco IPS in Cisco Security Manager
  • Configure various Windows Servers (2003 and 2000) to use SNARE and RPC to report log events to MARS


Intended Audience

Cisco Customers and Cisco Channel Partners.



Prerequisites

Fundamental knowledge of implementing network security (CCSP or Security CQS) and working knowledge of routing and switching (CCNA).

Course Outline

  1. Cisco Security MARS Overview and STM Task Flow
    • Cisco Security MARS solution and its role in Cisco Threat Defense System management
    • Deploy Cisco Security MARS as an STM system in your network
  2. Cisco Security MARS Configuration
    • Configure the network reporting devices to work with the Cisco Security MARS appliance
    • Configure Cisco reporting devices to work with the Cisco Security MARS appliance
    • Configure reporting devices from other vendors to work with the Cisco Security MARS appliance
    • Configure user-defined log parser templates on the Cisco Security MARS appliance
  3. Cisco Security MARS Incident Investigation
    • Use the Summary page menu to get an overview of your network
    • Examine case management features that can capture, combine, and preserve user-selected Cisco Security MARS data within a specialized report called a case
    • Explore the process of incident investigation and attack mitigation in a Cisco Security MARS appliance
    • Configure the Cisco Security MARS appliance to send a notification
  4. Cisco Security MARS Rules and Management
    • Configure a rule (or rules) that detect interesting patterns of network activity and other anomalous network behavior
    • Use the management features in the Cisco Security MARS appliance to add, edit, and delete event, IP addressing, service, and user information
    • Perform system maintenance tasks on the Cisco Security MARS appliance
    • Features and functions of the Cisco Security MARS Global Controller

Course Labs

  • Lab 1: Remote Lab Familiarization
  • Lab 2: Bootstrapping the MARS
  • Lab 3: Importing Hardware Devices into MARS
  • Lab 4: Generating Summary Reports
  • Lab 5: Exploring Rules
  • Lab 6: Generating Queries and Reports
  • Lab 7: Case Management and Rule Actions
  • Lab 8: Incident Handling and Mitigation
  • Lab 9: Tuning the MARS
  • Lab 10: Creating a Custom Parser
  • Lab 11: CSM and MARS Interaction
  • Lab 12: IPS and MARS Integration
  • Lab 13: Adding a Software Reporting Device
  • Lab 14: Adding an AAA Reporting Device
  • Lab 15: Maintaining the MARS Appliance


301-565-0138 : info@ccitraning.net


© Convergent Communications, Inc.