cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
939
Views
4
Helpful
7
Replies

MARS book

andrew.burns
Level 7
Level 7

Hi,

Has anyone who uses MARS had a chance to look at the new Cisco Press book yet? Just wondering if it's any good as the description makes it sound kind of high-level, rather than very technical.

Andrew.

7 Replies 7

mmorris11
Level 4
Level 4

I am almost finished with it. I too wondered if it would be just a bound and printed version of the CCO doc, but I am pleased with it. The forward consists of an interview with the authors which was very interesting and gives some insider history on MARS and Protego. Except for ch6 (mostly a rerun of the config guide), this book really helps fill in the gaps on the theory of MARS operation.

HTH

joemarr_brodart
Level 1
Level 1

I read the book and I had been expecting a little more. Other then some small tidbits of useful info, it seemed to me as if I bought a bound copy of the manual.

I really wish there was more info availible on using MARS. I love the product, but I'm often left feeling that there is more to the product, and if I only had more information I could utilize the product more.

I just finished the book and found it very helpful in a recent engagement. There has been a dearth of documentation on MARS to date so beggers can't be choosers.

If I were to speak with the authors about improving it I would include the following:

1. More detail about syslog servers, in particular, the benefits of pointing existing syslog servers at a MARS box as opposed to sending traffic from devices directly to MARS.

2. A discussion of whether it is better to Push data to a MARS box or have MARS pull the data from the devices.

3. More detail about upgrading the IOS on the MARS box, especially by using ISO images instead of doing incremental upgrades.

Just my 2 cents. I understand there will be another, more technical book published in the first quarter of 2007.

chrisd
Level 1
Level 1

Its a good read, but you will not find too much that is not in the manual already.

Some good info on the database etc, and some casestudies.

You`ll also find some other info on a couple of blogs i`ve seen cs-mars.blogspot.com and ciscomars.blogspot.com

I found it pretty disappointing. However, I was looking for a more in depth technical reference manual.

If you know nothing about MARS it would be fine though I still prefer the pdf on CS-MARS from the Cisco web site better.

There is supposedly a more in depth, technical book on the subject of MARS coming out this coming June from the Cisco Press. Keep an eye out for:

Security Monitoring with Cisco Security Mars (Networking Technology) (Hardcover)

by Greg Kellog

Hope this helps.

yeah.. im waiting for that release also..

hope the author will include advance technical configurations, examples on real attack, how to mitigate those attackes and other important cases.

Please rate replies and mark question as "answered" if applicable.
Review Cisco Networking for a $25 gift card