KT-MARS MARS Cisco Security Monitoring, Analysis and Response System Training - Minneapolis, Minnesota IT MN Technical Financial New York, NY
Knowledge Transfer Microsoft Certified Silver Training Partner CPLS
Knowledge Transfer is a Microsoft Certified Silver Learning Partner
Oracle University


Microsoft Certified Training Partner CTEC
Search for a Course Topic:
Public Courses
Corporate Services & Training



 Course Search
Course #

 Training Delivery
Training Delivery
Custom Curriculum
Course List
 Main Menu
View Courses
Site Index

MARS Cisco Security Monitoring, Analysis and Response System


The Cisco Security Monitoring Analysis and Response System (CS-MARS) is part of the Cisco Security Management Suite which provides security monitoring for network security devices and host application made by Cisco or non-Cisco providers. In addition to event correlation and data reduction features found in SIM products, CS-MARS also provides topology awareness and automatic mitigation features. In knowing the topology of a network, CS-MARS can determine where the attack is originating and apply the appropriate remediation. CS-MARS is a key component in the Cisco Self Defending Network strategy. CS-MARS exchanges information with CS-Manager to provide a unified security management solution. For example, an administrator can view IPS signatures or the Firewall block / permit syslog messages received from sensors or firewalls. CS-MARS will communicate with CS-Manager and display the IPS signature table or firewall rule table. From there the IPS signature or firewall rule can be modified as necessary. Together CS-MARS and CS-Manager provide a unified management solution for monitoring and provisioning.


Upon completing this course, the learner will be able to meet these overall objectives:

  • Use CS-MARS to monitor security and host application devices.
  • Know CS-MARS architecture and how CS-MARS process events.
  • Know how to use archive and restore features.
  • Use CS-MARS to run / create / customize reports
  • Use CS-MARS to investigate an incident and mitigate the security threats.
  • Use CS-MARS to do customer parser for unknown devices in CS-MARS.
  • Use CS-MARS to create / customize rules that detects dark net through best practices example.
  • Know how to tune signature / log level on device side and CS-MARS side.

Who Should Attend

  • Engineers who support sales of Cisco security product solutions
  • Cisco channel partners who sell, implement, and maintain secure networks
  • Cisco customers who implement and maintain secure networks

Click here to view the Course Outline
  • Cisco CCSP certified or equivalent knowledge
  • Passage of the Securing Cisco IOS Networks (SECUR) exam (642-501), the Securing Networks with Cisco Routers and Switches (SNRS) exam (642-502), or both
  • At least six months of practical experience configuring Cisco routers and security products
  • Familiarity with implementing network security policies and these networking components and concepts:
  • Perimeter security system components: Perimeter router, firewall, intrusion prevention system (IPS), virtual private network (VPN), and demilitarized zone (DMZ) host
  • Servers: Cisco Security Manager; syslog; authentication, authorization, and accounting (AAA); Cisco Secure Access Control Server (Cisco Secure ACS); and FTP
  • Protocols: syslog, Simple Network Management Protocol (SNMP), Secure Shell (SSH), FTP, and Telnet
4 Days  

View Printer Friendly Page


To Inquire About Future Classes

Request a class date

if one is not scheduled.

Comments on the Course

  • We accept Cisco training credits!
  • Learning Credits: 30
  • Hitachi HiPass: 4