




Course Name

CS - Monitoring, Analysis, and Response System

Course Description

Course Fee: $2,995.00


Implementing Cisco Security Monitoring, Analysis, and Response System (MARS) v3.0

 

This course replaces the Cisco MARS-Protego (MARS).

The Implementing Cisco Security Monitoring, Analysis, and Response System (MARS) v3.0 course is designed to enable administrators of Cisco MARS devices to implement and manage MARS devices effectively.

The MARS course is a four-day, instructor-led class consisting of 14 lessons focused on each aspect of managing and deploying MARS devices in a secure network. This course has a total of 9 hands-on lab exercises.

 

Quick Facts

 

·        4-days

·        Instructor-Led

·        Cisco Certified Training

·        MARS version 4.3.1, 5.3.1 and later.

·        Class hours are normally 8:30am to 4:30pm; however, these hours may vary. Your instructor will cover the class hours on the first day of class.


 

Course Objectives:

 

·        Describe a Cisco Security MARS solution and its role in Cisco Threat-Defense System management

·        Describe the software components of Cisco Security MARS architectural design

·        Configure the network reporting devices to work with the Cisco Security MARS appliance

·        Describe the key concepts involved in using network reporting and mitigation devices with the Cisco Security MARS appliance

·        Use the Summary page to view the security status of your network

·        Describe and configure a rule that detects interesting patterns of network activity and other anomalous network behavior

·        Describe the process of generating queries and reports in a Cisco Security MARS appliance

·        Describe the process of incident investigation on a Cisco Security MARS appliance

·        Configure user-defined log parser templates on the Cisco Security MARS appliance

·        Integrate Cisco Security Manager and Cisco Security MARS

·        Perform system maintenance tasks on the Cisco Security MARS appliance

·        Identify common issues about Cisco Security MARS

·        Describe the features and functions of the Cisco Security MARS Global Controller

·        Summarize the key functionalities of Cisco Security MARS technologies at work

 

 

Standard Course Flow:

 

The following course flow reflects the Cisco outline delivered as a Certified Cisco Course. This course is part of the CCSP certification, and those interested in obtaining this certification should cover all lessons and labs.

Customization of this outline is possible and deliverable in a private training atmosphere versus a public open enrollment class. Ask your Ascolta representative how to train your organization in a custom format.

 

 

Course Introduction

Lesson 1: Introducing Cisco Security MARS

Lesson 2: Understanding the System Architecture

Lesson 3: Configuring a Cisco Security MARS Appliance

Pre-Lab Activity: Accessing the Remote Lab

Lab 3.1: Accessing the Cisco Security MARS Appliance

Lesson 4: Adding Reporting and Mitigation Devices

Lab 4.1: Adding Reporting Devices and Enabling NetFlow

Lab 4.2: Configuring Syslog Forwarding

Lesson 5: Viewing Security Status Via the Summary Page

Lab 5: Creating Summary Reports

Lesson 6: Managing Rules

Lab 6.1: Configuring Cisco Security MARS Event Types

Lab 6.2: Configuring an Inspection Rule

Lesson 7: Understanding Queries and Reports

Lab 7: Performing Queries and Creating Custom Reports

Lesson 8: Investigating and Mitigating Incidents

Lab 8: Performing Incident Investigation

Lesson 9: Working with User-Defined Log Parser Templates

Lab 9: Configuring the Custom Parser

Lesson 10: Integrating with Cisco Security Manager

Lab 10: Performing Cisco Security Manager Policy Lookup

Lesson 11: Managing and Administering the System

Lab 11.1: Reviewing the CLI and Upgrading the Device Version

Lab 11.2: Configuring IPS Auto Signature Download

Lab 11.3: Configuring AAA RADIUS Authentication and Working with Account Locking and Session Timeout

Lab 11.4: Retrieving Raw Messages

Lesson 12: Troubleshooting and Optimizing Cisco Security MARS

Lesson 13: Using the Cisco Security MARS Global Controller

Lesson 14: Course Review

 

Recommended Learner Skills and Knowledge

 

Cisco CCSP certification or equivalent knowledge

Passage of the Security Cisco IDS Networks (SECUR) exam (642-501), Securing Networks with Cisco Routers and Switches (SNRS) exam, or both

At least six months of practical experience configuring Cisco routers and security products

Familiarity with implementing network security policies and these networking components and concepts:

Perimeter security system components: perimeter router, firewall, IPS, VPN, and DMZ host

Servers: syslog, web, AAA, Cisco Secure ACS, and FTP servers

Protocols: syslog, SNMP, SSH, FTP, and Telnet
