Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
9
Helpful
3
Replies

MARS IPS 6

garyprice
Level 1
Level 1

‎08-28-2007 10:21 AM - edited ‎03-10-2019 03:46 AM

IPS 6 is reporting the STORM WORM...MARS says it is an Unkown Device Event Type. I have latest code and sigs on all platforms.

Does this report from MARS indicate that I have to train and/or make a catagory or something like that on MARS?

I want MARS to generate a IPS/sig event description just like all of the other sigs on the IPS that are reported to MARS

Labels:
0 Helpful
3 Replies 3

acomiskey
Level 10
Level 10

‎08-28-2007 10:29 AM

Signature 5894 Storm Worm was released in S298.

The latest Mars release, 4.2.8, only supports up to S294.

garyprice
Level 1
Level 1
In response to acomiskey

‎08-28-2007 10:36 AM

ok, let say my uppermanagement wants a report that shows the impact of this 'Unknown" on their network. How can I achieve that?

gp

0 Helpful

mhellman
Level 7
Level 7

‎08-28-2007 11:05 AM

Welcome to MARS;-)

MARS is only updated about once every 2-3 months, and this includes signature updates. The latest release (about 2 days ago) understands Cisco IPS signatures up to S294, so it doesn't understand that signature. Why don't you ask management if they can wait until October? LOL.

Anyway, about the best you can do currently is to copy the data into another tool, like Excel, and clean it up.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card