cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
546
Views
0
Helpful
1
Replies

Help with a rule setup

koeppend
Level 4
Level 4

Hi all

I would like to create a rule that will page and email administrators of events such as what you see in the picture.

I had my team perform an ethical hack on a customers perimeter gateway and watched what MARS would do.

I want a rule that will email and page the admins when the activity of a host gets above the 3000 avg/min mark.

Any suggestions how the rule would look like? Or if it is even possible to create a real time report that will alert admins

Regards

Dale

1 Reply 1

aghaznavi
Level 5
Level 5

You must configure email alerts on a per-rule basis. Create a custom rule (Rules > Add), and then choose any for all parameters except severity. For the severity parameter, choose RED, and set an action to email to configure email alerts on MARS for all severity level RED rules.

To send alert notifications to individual users or groups of users, configure the Action parameters of a rule to create an alert action

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/alerts.html#wp139732