There are also two books available, Security Threat Mitigation and Response: Understanding Cisco Security MARS and Security Monitoring with Cisco Security MARS.
The Cisco Press website, only recommends the first book though.
Another useful resource is the Cisco MARS User Group, where there are now over 430 members.
The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Install and configure the Cisco Security MARS product
- Identify the components, features and functions of the Cisco Security MARS product
- Describe the process of installing the Cisco Security MARS appliance
- Add Cisco reporting devices into the Cisco Security MARS appliance
- Add non-Cisco reporting devices into the Cisco Security MARS appliance
- Investigate events that the Cisco Security MARS appliance collects from configured security devices
- Configure the Cisco Security MARS appliance to send alerts
- Create and view a long-duration query on the Cisco Security MARS appliance
- Configure rules to detect interesting patterns of network activity and other anomalous network behavior
- Use the management features in the Cisco Security MARS appliance to assign event, addressing, service, and user information
- Configure the Cisco Security MARS appliance hardware maintenance activities
- Utilize the Global Controller to manage multiple Cisco Security MARS appliances