Chapter 1. Introducing CS-MARS

A Security Information/Event Manager (SIEM, or commonly called a SIM) is a relatively simple tool. In its most basic sense, these devices collect Simple Network Management Protocol (SNMP) and syslog data from security devices and software, and insert it into a database. These devices then provide you with an easy user interface with which to access that information.

By itself, this is nothing special, but what is done after the data is received is important.

The Cisco Security Monitoring, Analysis, and Response System (CS-MARS) product was built to enhance this somewhat common tool by sessionizing the data and providing it with intelligence and knowledge of the network topology. Sessionization refers to the initial ...
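The passage above only begins to define sessionization. As an added illustration (not code from the book or from CS-MARS), the following Python groups syslog events reported by different devices about the same traffic flow into one session; it assumes sessionization means correlating events that share a protocol/address/port tuple within a time window, and it uses a constructed, simplified log line format rather than any real device's output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not real device output): a firewall and an
# IDS each report on the same TCP flow, plus one unrelated firewall event.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01 fw01 ACCEPT tcp 10.1.1.5:51000 -> 192.0.2.10:80",
    "2024-05-01T10:00:02 ids01 ALERT tcp 10.1.1.5:51000 -> 192.0.2.10:80 sig=1000",
    "2024-05-01T10:00:03 fw01 DENY tcp 10.1.1.9:40000 -> 192.0.2.20:22",
    "2024-05-01T10:00:04 ids01 ALERT tcp 192.0.2.10:80 -> 10.1.1.5:51000 sig=1001",
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) (?P<action>\S+) (?P<proto>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse_event(line):
    """Normalize one raw log line into a dict; returns None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def flow_key(ev):
    """Direction-independent flow tuple so both halves of a flow map to one session."""
    a, b = (ev["src"], ev["sport"]), (ev["dst"], ev["dport"])
    return (ev["proto"],) + tuple(sorted([a, b]))

def sessionize(lines, window=timedelta(seconds=60)):
    """Group parsed events sharing a flow key into sessions; a flow idle longer
    than `window` starts a new session instead of extending the old one."""
    sessions = []   # each session: {"key": flow tuple, "events": [event, ...]}
    open_idx = {}   # flow key -> index of the session currently open for it
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue          # unparseable lines are skipped, not dropped silently elsewhere
        key = flow_key(ev)
        idx = open_idx.get(key)
        if idx is None or ev["ts"] - sessions[idx]["events"][-1]["ts"] > window:
            sessions.append({"key": key, "events": []})
            idx = open_idx[key] = len(sessions) - 1
        sessions[idx]["events"].append(ev)
    return sessions
```

Running `sessionize(SAMPLE_LOGS)` yields two sessions: the first holds the firewall accept and both IDS alerts for the 10.1.1.5 to 192.0.2.10 flow, the second holds only the unrelated deny.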
