Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
323
Views
0
Helpful
1
Replies

CS-MARS NEtflow and Rules Associated With it

niall-wilkins
Level 1
Level 1

‎05-15-2008 03:12 AM - edited ‎03-09-2019 08:42 PM

Hello All,

Does anyone know which rules in CS-MARS or Which Rule group is associated with Netflow. i.e. which rule or rules will trigger an incident when a Netflow Event is detected?

Labels:
0 Helpful
1 Reply 1

mhellman
Level 7
Level 7

‎05-15-2008 04:33 AM

FWIW, there's a new MARS group here:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=MARS&topic=Discussions

I can't say that I know them all, but I think this is the main one:

netflow events get mapped to the "Built/teardown/permitted IP connection" event type, which in turn is part of the "Info/AllSession" event type group. Look for the event type and the event type group in inspection rules to find out where they apply.

0 Helpful
Customers Also Viewed These Support Documents