Security Monitoring with Cisco Security MARS by Greg Kellogg, Gary Halleen

Chapter 1. Introducing CS-MARS

A Security Information/Event Manager (SIEM, also commonly called a SIM) is a relatively simple tool. In its most basic form, such a device collects Simple Network Management Protocol (SNMP) and syslog data from security devices and software and inserts that data into a database. It then provides you with an easy user interface with which to access that information.

By itself, this is nothing special, but what is done after the data is received is important.

The Cisco Security Monitoring, Analysis, and Response System (CS-MARS) product was built to enhance this somewhat common tool by sessionizing the data and providing it with intelligence and knowledge of the network topology. Sessionization refers to the initial ...
