08-26-2008 09:27 AM
I get these alerts from an IIS box, but they do not include the source ip address so that I can null route them. Anyone know how to inlcude this information? Is it a snare feature.
08-26-2008 12:12 PM
Have you clicked the ICON of the ISS box in the MARS incident to check the 'RAW Event Message'?
Regards
Farrukh
08-26-2008 12:18 PM
Yes, I have. The raw message says it is sourced from 0.0.0.0 I am hoping it is a SNARE feature or windows security policy thing. It is not MARS fault, it is reporting what it gets..
08-26-2008 12:24 PM
Ahh OK, the Windows thing is out of my domain sorry, I suck at it :)
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: