Cisco MARS 100 Manuals

Manuals and User Guides for Cisco MARS 100. We have 1 Cisco MARS 100 manual available for free PDF download: User Manual

Cisco MARS 100 User Manual (588 pages)

Security MARS Local Controller

Brand: Cisco | Category: Controller | Size: 7.27 MB

Table of Contents
4
About this Manual
22
Documentation Feedback
24
Reporting IP
59
Interface Settings
60
Selecting the Access Type
60
Bootstrap Summary Table
62
Adding Reporting and Mitigation Devices
66
Data Enabling Features
78
Integrating MARS with 3 Rd -Party Applications
104
CHAPTER 3 Configuring Router and Switch Devices

109
Chapter 4 Configuring Firewall Devices

129
Chapter 5 Configuring VPN Devices

187
- Cisco VPN 3000 Concentrator
  187
  - Bootstrap the VPN 3000 Concentrator
    187
  - Add the VPN 3000 Concentrator to MARS
    188
CHAPTER 6 Configuring Network-Based IDS and IPS Devices

191
Chapter 7 Configuring Host-Based IDS and IPS Devices

227
- Entercept Entercept 2.5 and 4.0
  227
- Cisco Security Agent 4.X Device
  231
Chapter 8 Configuring Antivirus Devices

237
Chapter 9 Configuring Vulnerability Assessment Devices

253
Chapter 10 Configuring Generic, Solaris, Linux, and Windows Application Hosts

263
Chapter 11 Configuring Database Applications

277
- Oracle Database Server Generic
  277
Chapter 12 Configuring Web Server Devices

281
Chapter 13 Configuring Web Proxy Devices

291
- Network Appliance Netcache Generic
  291
  - Configure Netcache to Send Syslog to MARS
    291
  - Add and Configure Netcache in MARS
    292
Chapter 14 Configuring AAA Devices

295
Chapter 15 Configuring Custom Devices

309
- Adding User Defined Log Parser Templates
  309
Chapter 16 Policy Table Lookup on Cisco Security Manager

323
Chapter 17 Network Summary

341
- Navigation Within the MARS Appliance
  341
  - Logging in
    341
  - Basic Navigation
    342
  - Help Page
    344
    
    Your Suggestions Welcomed
    344
- Summary Page
  346
  - Dashboard
    346
    
    Recent Incidents
    348
    
    Sessions and Events
    348
    
    Data Reduction
    349
    
    Page Refresh
    349
  - Diagrams
    349
    
    Manipulating the Diagrams
    351
    
    Display Devices in Topology
    352
  - Network Status
    352
    
    Reading Charts
    353
  - My Reports
    355
    
    To Set up Reports for Viewing
    355
- Case Management Overview
  357
Chapter 18 Case Management

359
- Case Management Considerations for the Global Controller
  359
- Hide and Display the Case Bar
  359
- Create a New Case
  360
- Edit and Change the Current Case
  361
- Add Data to a Case
  362
- Generate and Email a Case Report
  363
Chapter 19 Incident Investigation and Mitigation

365
Chapter 20 Queries and Reports

393
- Queries
  393
  - Chapter 20 Querie and Report
    394
  - To Run a Free-Form Query
    394
  - To Run a Quick Query
    394
  - To Run a Batch Query
    395
  - To Resubmit a Batch Query
    396
  - To Stop a Batch Query
    396
  - Result Format
    397
    
    Order/Rank by
    399
    
    Filter by Time
    400
    
    Use Only Firing Events
    400
    
    Maximum Number of Rows Returned
    400
  - Selecting the Query Type
    397
  - To Delete a Batch Query
    397
  - Selecting Query Criteria
    401
    
    To Select a Criterion
    401
  - Query Criteria
    402
    
    Source IP
    402
    
    Destination IP
    403
    
    Service
    403
    
    Event Types
    403
    
    Device
    403
    
    Severity/Zone
    404
    
    Operation
    404
    
    Rule
    404
    
    Action
    404
  - Saving the Query
    405
- Viewing Events in Real-Time
  405
  - Restrictions for Real-Time Event Viewer
    405
  - Procedure for Invoking the Real-Time Event Viewer
    406
- Perform a Long-Duration Query Using a Report
  409
- View a Query Result in the Report Tab
  411
- Perform a Batch Query
  412
Reports

415
- Report Type Views: Total Vs. Peak Vs. Recent
  416
- Creating a Report
  417
  - Working with Existing Reports
    417
Chapter 21 Rules

421
- Rules Overview
  421
  - Prioritizing and Identifying
    422
  - Think Like a Black hat
    422
  - Planning an Attack
    422
  - Back to Being the Admin
    423
  - Types of Rules
    424
    
    Inspection Rules
    424
    
    Global User Inspection Rules
    424
    
    Drop Rules
    424
- Constructing a Rule
  425
  - Working Examples
    436
    
    Example A: Excessive Denies to a Particular Port on the same Host
    436
    
    Example B: same Source Causing Excessive Denies on a Particular Port
    436
    
    Example C: same Host, same Destination, same Port Denied
    436
- Working with System and User Inspection Rules
  437
  - Change Rule Status-Active and Inactive
    437
  - Duplicate a Rule
    437
  - Edit a Rule
    438
  - Add an Inspection Rule
    439
- Working with Drop Rules
  441
  - Change Drop Rule Status- Active and Inactive
    441
  - Duplicate a Drop Rule
    441
  - Edit a Drop Rule
    442
  - Add a Drop Rule
    442
- Setting Alerts
  443
  - Configure an Alert for an Existing Rule
    444
- Rule and Report Groups
  444
Chapter 22 Sending Alerts and Incident Notifications

455
Chapter 23 Management Tab Overview

469
- Activating
  469
  - To Activate a Set of Management Additions or Changes
    469
- Event Management
  469
  - Search for an Event Description or CVE Names
    470
  - To View a List of All Currently Supported Cves
    470
- Event Groups
  470
  - To Filter by Event Groups or Severity
    470
  - Edit a Group of Events
    470
  - Add a Group
    471
- IP Management
  471
  - Search for an Address, Network, Variable, or Host
    471
  - Filter by Groups
    471
  - Edit a Group
    472
  - Add a Group
    472
  - Add a Network, IP Range, or Variable
    472
  - Add a Host
    473
  - Edit Host Information
    474
- Service Management
  475
  - Search for a Service
    475
  - Add a Group of Services
    475
  - Edit a Group of Services
    475
  - Add a Service
    476
  - Edit a Service
    476
  - Delete a Service
    476
- User Management
  476
  - Add a New User
    477
  - Add a Service Provider (Cell Phone/Pager)
    479
  - Search for a User
    479
  - Edit or Remove a User
    480
  - Create a User Group
    480
  - Add or Remove a User from a User Group
    480
  - Filter by Groups
    481
- Setting Runtime Logging Levels
  483
Chapter 24 System Maintenance

484
Appendix

509
- Cisco Security MARS XML API Reference
  
  509
  - XML Schema Overview
    509
  - XML Incident Notification Data File and Schema
    509
Appendix A Cisco Security MAR XML API Reference

510
Appendix

515
Appendix B Regular Expression Reference

516
- Backslash
  516
  - Non-Printing Characters
    517
  - Generic Character Types
    518
  - Unicode Character Properties
    519
  - Simple Assertions
    520
- Circumflex and Dollar
  521
- Full Stop (Period, Dot
  522
- Matching a Single Byte
  522
- Square Brackets and Character Classes
  522
- Posix Character Classes
  523
- Vertical Bar
  524
- Internal Option Setting
  524
- Subpatterns
  525
- Named Subpatterns
  526
- Repetition
  526
- Atomic Grouping and Possessive Quantifiers
  528
- Back References
  529
- Assertions
  530
  - Lookahead Assertions
    531
  - Lookbehind Assertions
    531
  - Using Multiple Assertions
    532
- Conditional Subpatterns
  533
- Comments
  534
- Recursive Patterns
  534
- Subpatterns as Subroutines
  535
- Callouts
  536
Appendix

537
Date/Time Format Specfication

537
Appendix

541
System Rules and Reports

541
- List of System Rules
  541

Cisco Categories

Switch IP Phone

Network Router Wireless Access Point Network Hardware

More Cisco Manuals

Cisco MARS 100 Manuals

Cisco MARS 100 User Manual (588 pages)

Table of Contents

CHAPTER 3 Configuring Router and Switch Devices

Chapter 4 Configuring Firewall Devices

Chapter 5 Configuring VPN Devices

CHAPTER 6 Configuring Network-Based IDS and IPS Devices

Chapter 7 Configuring Host-Based IDS and IPS Devices

Chapter 8 Configuring Antivirus Devices

Chapter 9 Configuring Vulnerability Assessment Devices

Chapter 10 Configuring Generic, Solaris, Linux, and Windows Application Hosts

Chapter 11 Configuring Database Applications

Chapter 12 Configuring Web Server Devices

Chapter 13 Configuring Web Proxy Devices

Chapter 14 Configuring AAA Devices

Chapter 15 Configuring Custom Devices

Chapter 16 Policy Table Lookup on Cisco Security Manager

Chapter 17 Network Summary

Chapter 18 Case Management

Chapter 19 Incident Investigation and Mitigation

Chapter 20 Queries and Reports

Reports

Chapter 21 Rules

Chapter 22 Sending Alerts and Incident Notifications

Chapter 23 Management Tab Overview

Chapter 24 System Maintenance

Appendix

Cisco Security MARS XML API Reference

Appendix A Cisco Security MAR XML API Reference

Appendix

Appendix B Regular Expression Reference

Appendix

Date/Time Format Specfication

Appendix

System Rules and Reports

Related Products

Cisco Categories