Cisco MARS book

Hi all

Is there a good reference book / material available online for Cisco MARS? I'm fairly new to it and looking for some basic and conceptual knowledge.

Kind regards

Samuel Wilson

Start with the user guides, as Matthew suggested, and then proceed as follows.

1. Visit the following blog:

http://ciscomars.blogspot.com/

2. Visit the following Web site to view demos of MARS:

http://www.demolabs.co.UK/

Finally, buy this Cisco Press book by Dale Tesch, "Security Threat Mitigation and Response."

You should also keep an eye out for another MARS book which is expected in June:

Security Monitoring with Cisco Security MARS (Networking Technology: Security) (connected)

Gary Halleen / Greg Kellogg

I hope this helps.

Tags: Cisco Security

Similar Questions

  • Forgot Cisco MARS username and password

    Hello

    I have a Cisco MARS server and I forgot the password to access it.

    However, I tried to follow these instructions

    http://www.securitytut.com/mars-642-545/share-your-mars-experience

    I cannot access MARS.

    Does someone have a solution to this problem? I would prefer not to reinstall MARS.

    Unfortunately, a MARS reimage is the only way if you have forgotten the password.

  • How do I use Cisco MARS to monitor two ASAs (active/standby) with IPS modules?

    Hello

    The two ASAs with IPS modules are in active/standby mode. When I try to add both IPs (active/standby) in MARS, MARS complains of duplicate names.

    How do I set up MARS to monitor the ASAs with IPS in an active/standby topology?

    Thank you!

    Hello

    The fundamental problem with this scenario is that you have non-failover-capable modules in a failover chassis - think of the failover pair of ASAs as one device and the IPS modules as two completely separate devices.

    Then, as has already been mentioned, add only the primary ASA. (The secondary will never be passing traffic in standby mode, so it is not really necessary in MARS.) Then, with the first IPS module, you can add it as a module of the ASA or as a standalone device (MARS doesn't care). With the second IPS module, the only option is to add it as a separate device anyway.

    In a failover scenario the ASAs swap IPs but the IPS modules do not, so while you will only ever get messages from the active ASA, you will get messages from the IPs of either of these two IPS modules depending on which ASA is active at the time.

    Remember that you must manually replicate all IPS configuration whenever you make a change.

    HTH

    Andrew.

  • How do I use Cisco MARS to monitor two FWSMs in two Cat6500s in failover?

    Hello

    I understand that I can add the two Catalysts to MARS and I can add the primary FWSM as a module of the primary Catalyst as well. But how can I add the secondary FWSM?

    Any ideas appreciated

    Thank you

    If you have already configured the primary, you do have to configure the secondary image. No need to configure the secondary because it is not recommended to do so; in the case of a failover the secondary firewall will automatically take over the active configuration (e.g. IP address) of the primary, so the source of the syslogs will remain the same.

  • 2511 book/reference manual

    Does anyone know of Cisco manuals or books on the 2511 access server? I found documents on the Web on this device but no real book or manual. I'm looking for more of a command reference guide with some possible basic configuration settings; something that I can use to double check my configurations and settings. If someone knows of something, please let me know if possible, as well as the ISBN.

    Thank you!

    http://www.Cisco.com/en/us/docs/iOS/dial/configuration/guide/12_4t/dia_12_4t_book.html

    It is about 1000 times what you need to know to use a 2511 as a console server for a router lab.

    Remember to rate useful messages by clicking on the stars below.

  • Cisco Advanced Wireless LAN field specialist

    Hello.. I've passed the CCNA certification recently and wanted to get the wireless specialist certification but cannot find any info on how to approach this topic - Cisco Press doesn't have review guides for these, apparently - or am I looking in the wrong places... Thanks in advance

    I have not looked in the last year or so, but the Cisco Press books for wireless pretty well suck (in a word). They are not very useful for exams and were too old / obsolete as practical references.

    IMO, the best general guide / reference is the Planet3 book for Certified Wireless Network Associate (CWNA), which is published by Osborne.

    They have other more advanced books (CWAPE, CWSP); these are all excellent study guides for their respective tests (non-vendor-specific) and are also useful for reference later when you start to forget small details.

    Check 'em out; most bookstores that carry tech books are likely to have 'em.

    Good luck

    Scott

  • MARS tutorials and references

    Hi all

    I was wondering if anyone had any good MARS tutorials or reference material? I can't get this thing to do anything useful, in part because of limited access to the program, but mostly because of my lack of knowledge of what it can potentially do.

    I am familiar with VM, and I love the event viewer grid where you can go to each event and analyze it. Is there something similar in MARS? This kind of functionality would make it much easier to transition to MARS.

    I know there is a manual for it; however, I cannot locate it on Cisco's Web site, or it is not available at my current account level. My colleagues have access, but can't seem to remember to send it to me.

    Thanks in advance, and I apologize for the nooby question!

    -Ryan

    Here is mine. Kudos to mhellman for mentioning the Google Group!

    Bibliography and Web sites

    1. Security Threat Mitigation and Response by Dale Tesch. Published by Cisco Press, 2006.

    2. http://ciscomars.blogspot.com/

    3. http://cs-mars.blogspot.com

    4. http://www.demolabs.co.UK

    5. Cisco MARS user group. You must be logged in and a member of this group to view its content:

    http://groups.Google.com/group/CS-Mars-UG?hl=en-GB

    6. http://blog.priveonlabs.com/sec_blog.php?cat=14

    7. Security Monitoring with Cisco Security MARS by Gary Halleen. Published by Cisco Press, 2007.

    I hope this helps.

  • Deployment of Cisco IPS 4240 devices

    I can't find any information about mass deployment of Cisco IPS 4240 devices. I have 6 devices that I intend to ship to several remote sites and tie into a centralized Cisco MARS unit. Without the help of any CSM/LMS software, is there a quick and dirty way to pull this off? I am thinking of setting up a single IPS appliance, then pulling and distributing the configuration file to the remaining devices. I would like to see how others have done this...

    If all of your sensors are of the same type (all 4240s in your situation) and will all run the exact same configuration, then the copy command will help you out.

    There is a new feature added to the copy command in IPS 6.1 which will help you when copying the config from one sensor to another.

    Completely configure one sensor (using IME, IDM or CLI). When you are satisfied with the configuration, use the copy command to copy it to an SCP server.

    Now bring up a second sensor and configure its basic network settings through setup (IP address, gateway, etc.).

    Now, use the copy command to copy the first sensor's configuration from the SCP server into the running configuration of the second sensor.

    It will ask whether you want to change the network settings on the second sensor.

    Answer no.

    The rest of the configuration copied from the first sensor will be placed on the second sensor.

    The second sensor will keep its own unique IP address but gain the rest of the configuration from the first sensor's config.

    Continue to do this with additional sensors.

    The process can then be repeated every time that additional changes are made to the first sensor.

    Remember though that this only works if the sensor configuration is to be exactly duplicated (including which interfaces are monitored and how).

    If each sensor will have some unique tunings, then you need to manage each sensor on its own or buy CSM, which can be used to share only parts of the configuration across multiple sensors.

  • CS-MARS source IP 0.0.0.0

    Hello!

    CS-MARS reports an event with source IP address 0.0.0.0 and port number 0. What does that mean?

    Thank you in advance!

    You can always click on the event type, which will give you a popup with a description of the event.

    Cisco MARS has detected an inactive reporting device that did not report any event to MARS in the last hour. This may indicate that the device does not work correctly.
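
The inactive-device condition described in the answer above (no event from a reporting device in the last hour), as an added example that is not part of the original thread and not MARS code. It assumes RFC 5424 syslog lines; the hostnames, inventory and log lines are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME ...
HEADER = re.compile(r"^<\d{1,3}>1 (\S+) (\S+) ")

def last_seen(lines):
    """Newest timestamp per reporting hostname; malformed lines are skipped."""
    seen = {}
    for line in lines:
        m = HEADER.match(line)
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        except ValueError:
            continue  # e.g. the RFC 5424 nil timestamp "-"
        if ts.tzinfo is None:  # assumption: zone-less timestamps are UTC
            ts = ts.replace(tzinfo=timezone.utc)
        host = m.group(2)
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen

def inactive_devices(inventory, lines, now, window=timedelta(hours=1)):
    """Return {host: last timestamp or None} for devices silent longer than window."""
    seen = last_seen(lines)
    return {h: seen.get(h) for h in inventory
            if seen.get(h) is None or now - seen[h] > window}

# Constructed sample data (hypothetical hostnames, not from the thread).
INVENTORY = ["asa-primary", "ips-module-1", "ips-module-2"]
SAMPLE_LINES = [
    "<134>1 2024-05-01T09:05:00Z asa-primary asa - - - Built outbound TCP connection",
    "<134>1 2024-05-01T09:58:00Z asa-primary asa - - - Teardown TCP connection",
    "<132>1 2024-05-01T08:40:00Z ips-module-1 ips - - - signature alert",
    "truncated or non-syslog line",
]
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for host, ts in inactive_devices(INVENTORY, SAMPLE_LINES, NOW).items():
        print(host, "last event:", ts.isoformat() if ts else "never")
```

A device that has never reported is returned with `None`, which separates "stopped reporting" from "never configured to report".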

  • Basic configuration of NAC appliance

    I have a small project to authenticate about 100 users to access the network. We plan to use the Cisco NAC appliance. Just to clarify (I saw some posts but I'm not sure of the correct answer): do I need 2 separate devices, one as a server and the other as a controller, or do I just need one to do both tasks?

    Thank you

    -Arturo

    Hi Arturo,

    You need two devices to operate. A Manager and a server.

    There is a great Cisco Press book on the NAC appliance by James Heary that will give you a lot of details and information on the configuration of the devices.

    I hope this helps.

    Paul

  • SND 642-552 self study

    I have decided to pursue the CCSP and am looking for a good book to read, learn from and prepare for the exam. Any ideas?

    I am a firm believer in the Cisco Press books. I have recently started my CCSP track and passed this exam with this book...

    http://www.Amazon.com/network-security-fundamentals-Gert-delaet/DP/1587051672/ref=tag_pdp_i_title/103-6737062-7910261

    It may be outdated, but with this book and the review information on TCPMAG.COM about this exam, I passed with flying colors...

    Hope this helps

  • SNMP VS. Syslog

    Hello

    I have the Cisco MARS SIM tool in my environment and I currently use syslog messages to report activity for various devices; I would like to know what I would gain if I enabled SNMP in addition to what is currently collected through syslog messaging?

    Thank you

    Haitham

    Hi Haitham,

    SNMP provides a limited/specific type of logs through traps, for example, system restart, BGP, ATS and so on.

    For example, on the router, you can see the SNMP options via "snmp-server enable traps ?"

    http://www.Cisco.com/en/us/Tech/tk648/tk362/technologies_tech_note09186a008021de3e.shtml

    Syslog will generate and send logs at the syslog level that you have allowed to be sent to MARS. The recommended level is informational, so that you can collect all the information/events from a specific device. But you can always set this level based on the criticality of the device.

    SNMP and syslog complement each other in order to provide accurate and sufficient information to be processed by MARS. NetFlow is also an excellent source of information.

    Rgds,

    AK

  • How to let the author of a Cisco book or video know that they made a mistake?

    I would like to know if anyone knows how to politely approach the author of a Cisco-supported publication about an erroneous interpretation of a topic.

    I'll give you two examples; I do not intend to disrespect the authors, but to help anyone who may be preparing for the CCNP ROUTE exam. (I certainly know more than the great authors.)

    (1) Rohit Pardasani erred when he explained what the command "ip nhrp map multicast { | dynamic}" is for in the CCNP Routing and Switching ROUTE 300-101 Exam Prep video. Other documents that I found and actual lab experience go against his understanding or explanation of the command. It's still a rough cut, so it can be changed in time. It's a great resource otherwise.

    (2) Kevin Wallace also erred in the CCNP Routing and Switching ROUTE 300-101 Complete Video Course in explaining how to calculate the bandwidth * delay product. What I found explains that the delay IS round-trip time (RTT), including RFC 1072.

    If I'm wrong, please correct me. Also, I'm doing this because I'm sick and tired of wrong or ambiguous questions in various Cisco exams.

    Thank you

    Daniel

    Contact the publishers. If it's by Cisco Press, you can reach them here:

    http://www.CiscoPress.com/about/contact_us/

    I reported an error before, and after about three months the publisher and the author of the book contacted me on the subject.

  • What book to study for Cisco Secure Virtual Private Networks?

    Hello

    I want to prepare for the Cisco Secure Virtual Private Networks (642-511) exam.

    Can someone tell me which Cisco Press book is recommended to pass this test?

    Thank you.

    Hello

    Well, Cisco offers a good game that allows you a quick tour of the configuration of the VPN 3000 Concentrator; log on to:

    Cisco certifications-> games community-> Cisco Secure volunteer

    It runs as a tour, so your actions are limited, but this will give you an overview of the GUI.

    I hope this will help

  • Ways to receive calls from address book on Cisco Telepresence SX20?

    I get many unknown calls on my teleconferencing equipment and I would like to know if there are ways to block these calls, or perhaps even to receive calls only from the address book.

    This has been discussed in the forums many times before. Take a look at some of the following threads:

    If your endpoint has a public IP address, depending on the configuration of the endpoint, you could put it behind a NAT device or restrict access at your firewall to allow only the specific IP addresses you conference with. If you use H323, you must also disable SIP on the endpoint.
