Thursday, September 28, 2006

Other MARS Blogs

Mike from New York has another great MARS blog on Blogger, entitled
"CS-MARS and All Things Security at Cisco".

Check it out....

http://cs-mars.blogspot.com/

Tuesday, September 26, 2006

MARS Incident Views

Another new feature of the 4.2.2 release is the ability to slim down the incident view to the last hour, day, week, year, etc., again by severity if required.


MARS 4.2.2 Now Available

The following changes and enhancements exist in 4.2.2:
• Support for Firewall Services Module 3.1.
• Performance Improvements for Windows and Cisco IPS Log Processing.
• Enhanced Topology Synchronization between Global and Local Controllers.
• Enhanced Result Format Display for the Custom Column Query. A query with a Custom Columns result format can now display up to 100,000 results.

New Vendor Signatures


Monday, September 25, 2006

Cisco Marketing MARS Demo available on Cisco.com

If your boss is still unsure what MARS is...

http://www.cisco.com/cdc_content_elements/flash/security_mars/demo.htm

Viewing Raw Data in Real-Time

Another question I get asked is "How can I view the raw data coming into my MARS appliance for a certain device?"

Well, this is easy to configure via a Query.

1) First, select a device to monitor on the Query screen.
2) Next, edit the Query Type and select the Result Format as: "All Matching Event Raw Messages".
3) Finally, select "Real Time" : Raw Events.




Now when we submit, we will watch, in real time, all the raw events arriving from the selected device or devices.




Quite a cool feature, I think!

1st Cisco MARS Book Available

Cisco Press are about to release the first book on the Cisco MARS product.

Entitled: Security Threat Mitigation and Response: Understanding Cisco Security MARS

This book is by Dale Tesch & Greg Abelar, and stuffed with 400 pages.
ISBN-10: 1-58705-260-1

An example chapter is available here...


http://www.ciscopress.com/bookstore/product.asp?isbn=1587052601&rl=1

Cisco MARS Video Demos on the Web

This website has some useful Cisco MARS video demos, for those intrigued by what the MARS product is all about.

www.demolabs.co.uk/csmars.html

Thanks to the guys at UK MARS integrator Satisnet for this.

Importing 3rd Party Vulnerability Data into MARS

I have been asked quite a few times in my job as a Security Consultant, "Can MARS make use of my existing Qualys or Foundstone Appliance?"

Well yes, we can grab all the information that the 3rd party vulnerability scanner knows about your network and import this into the MARS database.

As you may already know, MARS has a built-in Nessus scanner, and will use this (optional) for false positive analysis on incidents.

But using your existing VA will also add value, and save you time in manually configuring the OS and Services running on your assets.


See below...


Cisco MARS Starts Here!

Welcome to my Blog for the superb Cisco MARS (Monitoring, Analysis and Response System) Appliance.

Be sure to visit often, for a whole range of information on the MARS product.

I hope to create a site full of real-world integrations, how-tos and demonstrations, to get the most out of your investment in MARS.

Any questions or ideas, please get in touch.