
Chapter 1 Appliance Overview And Specifications; System Description - Cisco MARS Install And Setup Manual


Appliance Overview and Specifications
Revised: March 3, 2008, OL-14672-01
This chapter defines components of the Cisco Security Monitoring, Analysis, and Response System
(MARS) and describes the front and backplanes of the various appliance models. This chapter contains
the following sections:

- System Description
- Hardware Descriptions—MARS 25R, 25, 55, 110R, 110, 210, GC2R, and GC2

System Description

Cisco Security MARS is a security threat mitigation (STM) system. It delivers a range of information
about your networks' health as reported by devices in your networks. It processes raw events from your
reporting devices, sessionizes [1] them across different devices, evaluates for matching inspection rules
(system and user-defined), identifies false positives, and consolidates information using diagrams,
charts, queries, reports, and rules.

MARS helps you be more productive by:

- Reducing the amount of raw data that requires manual review
- Enabling an evolving view of the network security posture
- Identifying hot spots of malicious activity
- Blocking undesirable traffic from the network

The MARS system operates at distinct and separate levels based on how much information is provided
about your networks' reporting devices. At its most basic level, MARS functions as a syslog server. As
you add information about reporting devices, MARS begins to sessionize the raw data, and after you
configure additional reporting devices and enable the more verbose reporting features, it presents a much
more comprehensive view of your network, from which you can quickly drill down to a specific MAC
address, for example.

Figure 1-1 presents an example deployment of MARS, which identifies the components of the system
and their relationships.

[1] Sessionize refers to correlating the reported network data, logs, and events into a higher-level
interpretation to identify those packets as part of a single session, or a communication, that has a
beginning, a body, and an end.

Install and Setup Guide for Cisco Security MARS
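
The footnote's definition of sessionizing, sketched as an added example (not Cisco's code and not a description of how MARS is implemented): events reported by different devices are grouped under a direction-independent flow key, and a new session starts after an idle gap. The device names, event tuples, and 60-second timeout are constructed assumptions.

```python
IDLE_TIMEOUT = 60  # seconds; assumed idle gap after which a flow counts as a new session

# Constructed sample events:
# (epoch seconds, reporting device, src, sport, dst, dport, proto, message)
EVENTS = [
    (1000, "fw-edge", "10.0.0.5", 51000, "192.0.2.10", 443, "tcp", "connection built"),
    (1001, "ids-core", "10.0.0.5", 51000, "192.0.2.10", 443, "tcp", "signature match"),
    (1003, "ids-core", "192.0.2.10", 443, "10.0.0.5", 51000, "tcp", "response seen"),
    (1030, "fw-edge", "10.0.0.5", 51000, "192.0.2.10", 443, "tcp", "connection teardown"),
    (1010, "fw-edge", "10.0.0.7", 40000, "198.51.100.3", 53, "udp", "permitted"),
    (1200, "fw-edge", "10.0.0.5", 51000, "192.0.2.10", 443, "tcp", "connection built"),
]


def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key so both halves of a conversation match."""
    a, b = sorted([(src, sport), (dst, dport)])
    return (proto, a, b)


def sessionize(events, idle_timeout=IDLE_TIMEOUT):
    """Group events from different reporting devices into sessions.

    Each session has a beginning (start), a body (events) and an end.
    """
    open_sessions = {}  # flow key -> session currently being built
    sessions = []
    for ts, device, src, sport, dst, dport, proto, msg in sorted(events):
        key = flow_key(src, sport, dst, dport, proto)
        s = open_sessions.get(key)
        # Start a new session for an unseen flow or after an idle gap.
        if s is None or ts - s["end"] > idle_timeout:
            s = {"flow": key, "start": ts, "end": ts, "devices": set(), "events": []}
            open_sessions[key] = s
            sessions.append(s)
        s["end"] = ts
        s["devices"].add(device)
        s["events"].append((ts, device, msg))
    return sessions


if __name__ == "__main__":
    for s in sessionize(EVENTS):
        print(s["flow"], s["start"], s["end"], sorted(s["devices"]), len(s["events"]))
```

Six raw events collapse into three sessions here, which is the reduction in manual review the chapter describes.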
