Checklist for Security Manager-to-MARS Integration
Task
Identify and enable all required traffic flows.
2.
After you identify the devices managed by the Security Manager server, you must verify that the network services
they use for management, reporting, and notification are permitted along the required traffic flows. Using the
detailed
Device Inventory Worksheet
traffic between the MARS Appliance and each supporting device, reporting device, and mitigation device is
allowed by intermediate gateways.
In addition, network services of supporting devices, such as DNS, e-mail, AAA, and NTP servers, must also be
permitted to flow among the MARS Appliance, the supporting devices, and the reporting devices and mitigation
devices on your network.
It is a recommended security practice to have all devices, including MARS Appliances, synchronized to the
Tip
same time.
Result: You have verified that all intermediate gateways permit the log, management, and notification traffic
between the devices and the MARS Appliance.
For more information, see:
Deployment Planning Guidelines, page
•
Analysis, and Response System
Supporting Devices, page
•
Response System
Required Traffic Flows, page
•
Response System
Specify the Time Settings, page
•
and Response System
Event Timestamps and Processing
•
System
Device Inventory Worksheet, page 1-18
•
User Guide for Cisco Security MARS Local Controller
16-8
identified in Step 1., ensure that the management, logging, and notification
2-1, in Install and Setup Guide for Cisco Security Monitoring,
2-1, in Install and Setup Guide for Cisco Security Monitoring, Analysis, and
2-2, in Install and Setup Guide for Cisco Security Monitoring, Analysis, and
5-10, in Install and Setup Guide for Cisco Security Monitoring, Analysis,
in Top Issues for the Cisco Security Monitoring, Analysis, and Response
Chapter 16
Policy Table Lookup on Cisco Security Manager
78-17020-01