Chapter 10. Cisco Security Monitoring, Analysis, and Response System

Chapter 9 discussed Cisco Security Manager in detail. Cisco Security Manager is the centralized configuration management product for a self-defending network. The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) product is the monitoring and mitigation platform for a self-defending network. Cisco Security Manager creates and deploys configurations to self-defending network devices including Cisco IOS routers, Catalyst 6500/7600 Firewall Services Modules, and Adaptive Security Appliances. Cisco Security MARS complements the Cisco Security Manager by providing best-of-breed monitoring of the self-defending network.

This chapter provides an overview of Cisco Security MARS. You learn about Cisco Security MARS features, the dashboard, how Cisco Security MARS displays a security incident, and how Cisco Security MARS can mitigate an attack or allow a network to be self-defending. This chapter also provides details on Cisco Security MARS integration with Cisco Security Manager, including how to select a syslog from an incident in Cisco Security MARS and receive a display of the access control list (ACL) rule in Cisco Security Manager that created the syslog.