Mars is a correlation engine. i.e it takes logs from all devices in the network like routers,switches,IPS,application servers,firewalls etc. After taking the logs, it correlates the events and creates an incident out of those events. In Mars you also can see the actual path of the attack and you can mitigate the attack by sending Mars recommended conifguration to the devices.
HTH
zubair