07-09-2010 10:49 AM
I'd like to know how I can implement the feature of shutting down a switch port using the SNMP RW string, and also whether there is another action that MARS can take regarding an attack.
Thank You
07-09-2010 11:45 AM
Hi Andres,
All of the information regarding the mitigation functionality of the MARS can be found in the user guide here:
Note that a prerequisite for performing mitigation is that you've configured the mitigation device with an SNMP RW string. This is done on the device information page (Admin -> System Setup -> Security and Monitor Devices, and Edit the particular switch device). The field labeled "SNMP RO Community" on this page can actually be populated with the RW string for this purpose.
Best Regards,
JT
07-09-2010 11:50 AM
Incidentally, there is a cosmetic defect opened for the "SNMP RO Community" to change the label to indicate that the field is also used for the RW string. Documented under ID CSCsd05614.
-JT
07-09-2010 12:30 PM
Thank you Juteixei, this has been very helpful.
07-12-2010 09:00 AM
Hi Juteixei,
I have a doubt regarding the mitigation feature on MARS: is it possible to automate the shutdown command?
I am asking this because the documentation says that you can mitigate an attack only once it has occurred.
Thank you!
07-13-2010 04:34 AM
That is correct - CS-MARS cannot automatically take mitigative action. The incident needs to be manually reviewed, and then mitigation action can be taken from that specific incident as available (correct layer-2/layer-3 device access in the incident path).
Scott
07-13-2010 06:49 AM
I appreciate it.
Thank you Scott!