Cisco MARS Self-study Aides

Demiurge Member Posts: 20 ■□□□□□□□□□
I'm trying desperately to understand MARS. It seems like a powerful tool, but I find the GUI rather unintuitive and it is difficult for me personally to learn by reading the Cisco documentation.

I was supposed to take a MARS class with Global Knowledge, but our training budget for the year is exhausted so I'm looking for any self-training that might be available. I've got the Cisco Press "Security Monitoring with Cisco MARS" book, but was hoping there might be some CBT or other training documentation out there. Unfortunately CBT Nuggets, who I absolutely love, doesn't have MARS in their CCSP series.

Thanks.
"It seems to me there's quite a lot to be done. And since, clearly, no one else is going to do it, I will."

Comments

  • TesseracT Member Posts: 167
    Are you using MARS at work? Cool if you are, I've never actually seen any in use before.
  • Turgon Banned Posts: 6,308 ■■■■■■■■■□
    Demiurge wrote: »
    I'm trying desperately to understand MARS. It seems like a powerful tool, but I find the GUI rather unintuitive and it is difficult for me personally to learn by reading the Cisco documentation.

    I was supposed to take a MARS class with Global Knowledge, but our training budget for the year is exhausted so I'm looking for any self-training that might be available. I've got the Cisco Press "Security Monitoring with Cisco MARS" book, but was hoping there might be some CBT or other training documentation out there. Unfortunately CBT Nuggets, who I absolutely love, doesn't have MARS in their CCSP series.

    Thanks.

    MARS, like ASA, you really need to learn by doing, although reading is an important component of the learning process. I haven't done the exam, but the CCSP exam for ASA is very difficult to pass without lots of hands-on. So I would recommend you see what you can get access to in terms of labs. I enjoyed using ASA in the field this year but really found it quite taxing without a strong background in it and would have struggled to do anything complicated with it off the bat. It was not *that* intuitive. I need to do some lab time myself with ASA not only to cement what I learned in the field, but also to try out things I didn't have to do but in a safe lab environment where it doesn't matter if you screw up a production site-to-site VPN. I had one piece of work along those lines that ran into problems although the plan seemed more or less straightforward. The VPN came up but the PAT we did had issues so I had to bring in our best ASA guy to take a look. He was much more experienced on ASA than myself and very agile with the configuration and logging capabilities. But as it turned out, while the config did need some tuning with a more experienced set of eyes, problems beyond the ASA left us without a total solution. So it ended up being a 2.5 hour piece of work out of hours with even server guys pitching in. DNS fun.

    On MARS I have no views on it myself, but some people so far as I can tell have issues with it.
  • Demiurge Member Posts: 20 ■□□□□□□□□□
    TesseracT wrote: »
    Are you using MARS at work? Cool if you are, I've never actually seen any in use before.

    At the moment I'm basically using it as a glorified syslog aggregator. I've tried to do more with it, but I really need to learn more about tuning alerts and setting up email alerting, etc. It's an ugly GUI and not at all intuitive.

    In contrast, the GUI for the ASA and IPS are easy to look at and have well defined and laid out menus.

    I'm sure once I understand more about it everything will fall into place... I just need a step by step walk through on this one.
  • Demiurge Member Posts: 20 ■□□□□□□□□□
    Turgon wrote: »
    MARS, like ASA, you really need to learn by doing, although reading is an important component of the learning process. I haven't done the exam, but the CCSP exam for ASA is very difficult to pass without lots of hands-on. So I would recommend you see what you can get access to in terms of labs.

    Well, I can lab at work... I just don't know where to start. I don't need it as my CCSP elective though. Just for work knowledge.

    I agree on the ASA. I've passed both SNAF & SNAA and couldn't imagine passing without significant hands-on experience.
  • Turgon Banned Posts: 6,308 ■■■■■■■■■□
    Demiurge wrote: »
    Well, I can lab at work... I just don't know where to start. I don't need it as my CCSP elective though. Just for work knowledge.

    I agree on the ASA. I've passed both SNAF & SNAA and couldn't imagine passing without significant hands-on experience.

    How about Gary's book on Amazon. Good reviews and might be worth a punt to get you going.

    Amazon.com: Security Monitoring with Cisco Security MARS (9781587052705): Gary Halleen, Greg…


    One of the problems with technical books is they may be good at explaining what a device can do but less good at worked examples that are useful in the workplace. Hopefully this helps in that sense.
  • Demiurge Member Posts: 20 ■□□□□□□□□□
    Turgon wrote: »
    How about Gary's book on Amazon. Good reviews and might be worth a punt to get you going.

    One of the problems with technical books is they may be good at explaining what a device can do but less good at worked examples that are useful in the workplace. Hopefully this helps in that sense.

    Yeah, I've got the book and it did help me a little. It looks to me like there just isn't enough demand for the MARS test so none of the CBT companies have produced video courses.

    I've posted this in several places and 3 different training companies have told me they have MARS classes available. Unfortunately my company doesn't have any training dollars left and I can't afford $3000 to take the class myself.

    If only I could get Cisco to part with their internal courseware that they provide to employees and training partners I'd probably be able to make some more progress with the darn box.
  • QHalo Member Posts: 1,488
    There are some discussions on the web about how to use MARS in VMware. I'm not sure of the touchiness of those discussions on these forums so I'll just say that they're out there. The newest version of MARS is 6.0. It could be a good resource for learning how to use it hands-on if you have the hardware.
  • mikej412 Member Posts: 10,086 ■■■■■■■■■■
    QHalo wrote: »
    I'm not sure of the touchiness of those discussions on these forums so I'll just say that they're out there.
    What you do with your legally acquired software in the privacy of your lab is between you and your vendor (a.k.a. The Vegas Rule for Labs).

    Pirating software and the use of illegally acquired software isn't a valid discussion topic.

    I tried MARS on VMware once when I was younger -- but I didn't inhale.
    Cisco Certifications -- Collect the Entire Set!
  • QHalo Member Posts: 1,488
    mikej412 wrote: »
    What you do with your legally acquired software in the privacy of your lab is between you and your vendor (a.k.a. The Vegas Rule for Labs).

    Pirating software and the use of illegally acquired software isn't a valid discussion topic.

    I tried MARS on VMware once when I was younger -- but I didn't inhale.

    I would think they fall into the realm of Dynamips/Dynagen type discussions and yes, you need to have a valid license and CCO account to obtain the software downloads, but I didn't want to step on toes.