Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
20171
Views
0
Helpful
8
Replies
Highlighted
yussetamayo
Beginner
Beginner
‎05-18-2012 12:07 PM
‎05-18-2012 12:07 PM

MARS Replacement

HI all

what would be the MARS replacement solution?

what Cisco tool, I need to correlate the different security alarms?

regards.                  

Labels:
0 Helpful
Reply
8 REPLIES 8
Highlighted
wallacem
Beginner
Beginner
‎05-19-2012 12:41 AM
‎05-19-2012 12:41 AM

There are a number of third party products out there. Juniper strm, rsa envision and splunk to name a few.

Sent from Cisco Technical Support iPad App

0 Helpful
Reply
Highlighted
mikecrowe4ICS_2
Beginner
Beginner
In response to wallacem
‎05-20-2012 09:16 PM
‎05-20-2012 09:16 PM

A couple of notes:

  • the Juniper STRM is an OEM version of QRadar, a SIEM product made by Q1 Labs
  • the same product (QRadar) is also OEM'd by Enterasys as their "Dragon Security Command Console"
0 Helpful
Reply
Highlighted
mikecrowe4ICS_2
Beginner
Beginner
‎05-20-2012 08:56 PM
‎05-20-2012 08:56 PM

There is no CS-MARS replacement product offered by Cisco directly. They left that market segment when they killed MARS off. What they do instead is publish a list of "Technology Partners" that offer SIEM solutions recommended for use in Cisco environments.

The design guides for the partner products are posted in Cisco's "Design Zone" portion of their site, found here:

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/ns1090/landing_siem.html

One of the linked documents linked, the "Lippis Report", explains the philosophy they've adopted now.

The program's "Cisco Developer Network" section also includes additional information on each of the partner products. 

Cisco Developer Network: Security Management Partners

For reference, these are the 6 recommended partners/products:

  • ArcSight
  • LogLogic
  • netForensics
  • RSA
  • SenSage
  • Splunk

There are other options that aren't mentioned here, but this would be a decent place to start.

Message was edited by: Michael Crowe (better CDN link)

0 Helpful
Reply
Highlighted
David Niemann
Participant
Participant
In response to mikecrowe4ICS_2
‎06-21-2012 05:13 PM
‎06-21-2012 05:13 PM

Anyone have any opinions on the various third party SIEMs? I still have MARS and haven't cared for the few I've looked at, so I'm clinging to MARS for now.

Sent from Cisco Technical Support iPad App

0 Helpful
Reply
Highlighted
stojanr
Beginner
Beginner
In response to David Niemann
‎03-09-2013 02:23 PM
‎03-09-2013 02:23 PM

IBM's QRadar solution has a very similar user interface layout and user experience to what MARS used to have, while providing a modern, up-to-date SIEM solution.

0 Helpful
Reply
Highlighted
katembrew
Beginner
Beginner
‎03-01-2013 12:53 PM
‎03-01-2013 12:53 PM

An affordable SIEM option to replace Cisco MARS

0 Helpful
Reply
Highlighted
wwvan
Beginner
Beginner
In response to katembrew
‎10-03-2013 07:37 AM
‎10-03-2013 07:37 AM

Are there any experiences available with this Solarwinds Product...

Wehad a deep look for example at Arcsight, very good but this it's price (sure twice the MARS Costs)..

0 Helpful
Reply
Highlighted
fb_webuser
Frequent Contributor
Frequent Contributor
‎05-31-2013 02:52 AM
‎05-31-2013 02:52 AM

. .

---

Posted by WebUser Sri Hari from Cisco Support Community App

0 Helpful
Reply
Latest Contents
ISE Performance & Scale
Created by howon on 02-24-2021 08:26 PM
11
214
11
214
  ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsMaximum Network Latency Between NodesISE Hardware PlatformsISE PSN PerformanceISE TACACS+ PerformanceISE 2.6 RADIUS PerformanceISE 2.4 RADIUS PerformanceISE 2.3 RADIUS PerformanceIS... view more
Detecting and Responding to the SolarWinds Infrastructure At...
Created by aligarci on 02-23-2021 08:19 AM
0
5
0
5
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr... view more
Arista CloudVision WiFi Dictionary and NAD Profile for ISE I...
Created by hslai on 02-21-2021 01:59 PM
0
10
0
10
Attached are the dictionary and NAD profile as described in Arista CloudVision WiFi Integration with Cisco ISE .
Cisco Secure Endpoint Free Trial Guide
Created by E.L. Howard on 02-15-2021 07:36 PM
0
0
0
0
ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsISE Hardware PlatformsISE PSN PerformanceISE TrustSec ScalingISE Storage RequirementsISE ERS ScaleISE WAN Bandwidth CalculatorSources   About this Document Cisco Secure Endpoint (for... view more
Firepower 6.7 Release Demonstration - Health Monitoring
Created by Namit Agarwal on 02-08-2021 11:42 AM
0
0
0
0
  In this video, Namit reviews Health Monitoring improvements and introduces the new Unified Health Monitoring dashboard on the FMC. 
Content for Community-Ad