Thursday, October 12, 2006

Implementing Monitoring, Analysis and Response System (MARS) v2.0 Course

For those interested, a few training partners are running the Cisco MARS course. It is entitled "Implementing Monitoring, Analysis and Response System (MARS)", and your materials should be V2.0 of the course.

I know these training partners are running the course, but there are surely more as well.

http://www.tysak.com/

http://www.ascolta.com/

http://www.flane.co.uk

Prerequisites

Fundamental knowledge of implementing network security / CCSP or Security CQS and working knowledge of routing and switching / CCNA


Course Objectives

After completing this course the delegate will be able to:
Describe the MARS solution, features and functions in the context of the issues of security incidents and security information in an enterprise network.
Cover the basic physical installation process.
Add Cisco security and network devices to the MARS appliance.
Add non-Cisco security and network devices to the MARS appliance.
Configure security devices to generate interesting events that constitute an attack scenario and have MARS collect the interesting events for incident investigation.
Discuss attack mitigation and false positive confirmation in the context of the MARS appliance. Configure the appliance to perform incident investigation and attack mitigation.
Explain how to create, view and save a long-duration query and reports on the MARS appliance.
Configure the MARS appliance to send an alert.
Describe and configure rules that detect interesting patterns of network activity.
Use management features in the MARS appliance to assign event, addressing, service, and user information.
Configure hardware maintenance chores such as viewing the audit trail, data archiving, hot swapping hard drives, and upgrading software on the MARS appliance.
Provide an overview of the MARS Global Controller.
Provide an overview of Log Parser Templates.
