Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
21383
Views
0
Helpful
8
Replies

MARS Replacement

yussetamayo
Beginner
Beginner

‎05-18-2012 12:07 PM

HI all

what would be the MARS replacement solution?

what Cisco tool, I need to correlate the different security alarms?

regards.                  

Labels:
0 Helpful
8 Replies 8

wallacem
Beginner
Beginner

‎05-19-2012 12:41 AM

There are a number of third party products out there. Juniper strm, rsa envision and splunk to name a few.

Sent from Cisco Technical Support iPad App

0 Helpful

mikecrowe4ICS_2
Beginner
Beginner
In response to wallacem

‎05-20-2012 09:16 PM

A couple of notes:

  • the Juniper STRM is an OEM version of QRadar, a SIEM product made by Q1 Labs
  • the same product (QRadar) is also OEM'd by Enterasys as their "Dragon Security Command Console"
0 Helpful

mikecrowe4ICS_2
Beginner
Beginner

‎05-20-2012 08:56 PM

There is no CS-MARS replacement product offered by Cisco directly. They left that market segment when they killed MARS off. What they do instead is publish a list of "Technology Partners" that offer SIEM solutions recommended for use in Cisco environments.

The design guides for the partner products are posted in Cisco's "Design Zone" portion of their site, found here:

http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/ns1090/landing_siem.html

One of the linked documents linked, the "Lippis Report", explains the philosophy they've adopted now.

The program's "Cisco Developer Network" section also includes additional information on each of the partner products. 

Cisco Developer Network: Security Management Partners

For reference, these are the 6 recommended partners/products:

  • ArcSight
  • LogLogic
  • netForensics
  • RSA
  • SenSage
  • Splunk

There are other options that aren't mentioned here, but this would be a decent place to start.

Message was edited by: Michael Crowe (better CDN link)

0 Helpful

David Niemann
Participant
Participant
In response to mikecrowe4ICS_2

‎06-21-2012 05:13 PM

Anyone have any opinions on the various third party SIEMs? I still have MARS and haven't cared for the few I've looked at, so I'm clinging to MARS for now.

Sent from Cisco Technical Support iPad App

0 Helpful

stojanr
Beginner
Beginner
In response to David Niemann

‎03-09-2013 02:23 PM

IBM's QRadar solution has a very similar user interface layout and user experience to what MARS used to have, while providing a modern, up-to-date SIEM solution.

0 Helpful

katembrew
Beginner
Beginner

‎03-01-2013 12:53 PM

An affordable SIEM option to replace Cisco MARS

0 Helpful

wwvan
Beginner
Beginner
In response to katembrew

‎10-03-2013 07:37 AM

Are there any experiences available with this Solarwinds Product...

Wehad a deep look for example at Arcsight, very good but this it's price (sure twice the MARS Costs)..

0 Helpful

fb_webuser
Frequent Contributor
Frequent Contributor

‎05-31-2013 02:52 AM

. .

---

Posted by WebUser Sri Hari from Cisco Support Community App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents