01-21-2006 07:54 PM - edited 03-10-2019 01:51 AM
I am taking over management of a MARS running 3.4 code. There are 102 system inspection rules, no user inspection rules, and no drop rules. How many are there by default? This doesn't seem like very many, at least compared to another vendor's system I've used in the past. Is there a site that has predefined rules (outside of having smartnet), as I'd prefer to not have to generate them (or at least many) manually?
Thank you.
01-27-2006 07:26 AM
The over 100 inspection rules that ship with CS-MARS are called System Inspection Rules.
Inspection Rules.
Global User Inspection Rules.
Drop Rules.
01-29-2006 08:23 AM
I understand these are system rules. My concern is that there should be considerably more system rules by default in MARS. I've configured a couple of Snort with ACID IDS systems, and there were probably a thousand rules.
01-31-2006 11:16 AM
Didn't you have to create/configure the rules with ACID/Snort? It's no different with the CS-MARS. It ships with some, yes... but you have to configure it to your needs. Hell, the thing is how many signatures back from the Cisco IPS? Every one of those signatures it doesn't understand requires your own custom rule if you plan to do anything with the alarms.