cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
434
Views
0
Helpful
1
Replies

Help with a rule setup

koeppend
Enthusiast
Enthusiast

Hi all

I would like to create a rule that will page and email administrators of events such as what you see in the picture.

I had my team perform an ethical hack on a customers perimeter gateway and watched what MARS would do.

I want a rule that will email and page the admins when the activity of a host gets above the 3000 avg/min mark.

Any suggestions how the rule would look like? Or if it is even possible to create a real time report that will alert admins

Regards

Dale

1 Reply 1

aghaznavi
Contributor
Contributor

You must configure email alerts on a per-rule basis. Create a custom rule (Rules > Add), and then choose any for all parameters except severity. For the severity parameter, choose RED, and set an action to email to configure email alerts on MARS for all severity level RED rules.

To send alert notifications to individual users or groups of users, configure the Action parameters of a rule to create an alert action

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/alerts.html#wp139732

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers