MARS First Thoughts

Cisco MARS is an interesting product.  As compared to Cisco Works VMS, I find its monitoring capabilities far more complete and useful.  I am fairly new to MARS and some of the concepts.  That being said, the more I use it, the more useful I find it.  However, there are a few items that I think could be improved on.  Some of these items should be very easy to add into the web interface.  Others I’m not completely sure how they could be accomplished, but would be nice to have.

Items I would like to see…

  • Utilize the topology information to quickly find the switch and port a host is connected to by IP Address or MAC Address.
  • Provide a means for easier drill down into raw events.
  • Add more useful tools to present Netflow Data.
  • Separate the combined chart that has both Netflow and Event data on the dashboard.
  • Provide a way to backup the host in a more traditional way.  The archive method does not allow for data backup of past events and incidents.
  • More useful email alerts by allowing parameters to be inserted.  This is a double edged sword since emails may be sent before events are sessionized.   However, in many cases, the trigger event will contain very useful information that can be viewed on a mobile email client.
  • Better means for applying alert actions to multiple events and events based on severity.
  • It seems a little 1990’s for a decent looking web interface (excluding the mismatched color schemes) to have to go to a server to pull the file in.  HTTP upload for a device seed file would be handy and used more often than the current method.

I know I will stumble on more things I’d like to see changed or added.   In any case, Cisco MARS is on the verge being super slick monitoring solution for consolidating events into a manageable view.

No related content found.

About Paul Stewart, CCIE 26009 (Security)

Paul is a Network and Security Engineer, Trainer and Blogger who enjoys understanding how things really work. With over 15 years of experience in the technology industry, Paul has helped many organizations build, maintain and secure their networks and systems.
This entry was posted in Other. Bookmark the permalink.