CCSP

Implementing Cisco Security Monitoring, Analysis, and Response System(MARS)

Upon completion of this course, student will be able to use CS-MARS to:
• monitor security and host application devices
• know CS-MARS architecture and how CS-MARS processes events
• run / create / customize reports
• investigate an incident and mitigate security threats
• archive and restore features
• do customer parser for unknown devices in CS-MARS
• create / customize rules that detect dark net through best practices example
• tune signature / log level on device side and CS-MARS side

• Introducing Cisco Security Monitoring, Analysis, and Response System
• Understanding the System Architecture
• Configuring a Cisco Security MARS Appliance
• Adding Reporting and Mitigation Devices
• Viewing the Summary Page
• Managing Rules
• Understanding Queries and Reports
• Investigating and Mitigating Incidents
• Working with User-Defined Log Parser Templates
• Integrating with Cisco Security Manager
• Managing and Administering the System
• Troubleshooting and Optimizing Cisco Security MARS
• Using the Cisco Security MARS Global Controller
• Course Review