69-23
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter69 Using External Monitoring, Troubleshooting, and Diagnostic Tools
Integrating CS-MARS and Security Manager
Checklist for Integrating CS-MARS with Security Manager
To enable the cross-communication between CS-MARS and Security Manager (as described in
Integrating CS-MARS and Security Manager, page69-22), you must identify the applications to each
other and ensure that devices managed by both applications are configured appropriately. The following
table describes the integration steps.
If you have problems with cross-communications, see Troubleshooting Tips for CS-MARS Querying,
page 69-26.
Related Topics
Viewing CS-MARS Events for an Access Rule, page69-28
Viewing CS-MARS Events for an IPS Signature, page69-30
Looking Up a Security Manager Policy from a CS-MARS Event, page 69-31
Table69-6 Integrating CS-MARS and Security Manager
Task Description
Add the devices to Security
Manager and CS-MARS
See Adding Devices to the Device Inventory, page 3-6 for information
about adding devices to Security Manager. See the Device
Configuration Guide for Cisco Security MARS for information about
adding devices to the CS-MARS inventory.
A device must be supported by both applications to provide
cross-communication for the device. Supported device types generally
are those providing Firewall > Access Rules, or IPS > Signatures
policies. (These include: PIX, ASA and FWSM appliances, Cisco IOS
routers, Cisco IPS sensors and modules, and Cisco Catalyst switches.)
Configure the devices as
required by each application
See Chapter 2, “Preparing Devices for Management” for information
about basic configuration requirements for Security Manager. See
Device Configuration Guide for Cisco Security MARS for the more
extensive requirements for CS-MARS.
Register Security Manager with
CS-MARS
For information on configuring CS-MARS to communicate with
Security Manager, see User Guide for Cisco Security MARS Local and
Global Controllers.
You might want to create a CS-MARS user account specifically for
linking with Security Manager. See Configuring the Security Manager
Server to Respond to CS-MARS Policy Queries, page69-24.
Register CS-MARS controllers
with Security Manager
For information on registering CS-MARS controllers with Security
Manager, see Registering CS-MARS Servers in Security Manager,
page 69-24.
Link CS-MARS controllers to the
devices in Security Manager
In Security Manager, you can proactively discover the CS-MARS
controllers that monitor a particular device by clicking Discover
CS-MARS on the device’s Device Properties page, as described in
Discovering or Changing the CS-MARS Controllers for a Device,
page 69-25. Otherwise, the appropriate controller is discovered
automatically when a user attempts to look up events for the device (the
user is prompted to select a controller if more than one monitors the
device).