Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
446
Views
0
Helpful
1
Replies

Help with a rule setup

koeppend
Enthusiast
Enthusiast

‎09-16-2009 05:16 PM

Hi all

I would like to create a rule that will page and email administrators of events such as what you see in the picture.

I had my team perform an ethical hack on a customers perimeter gateway and watched what MARS would do.

I want a rule that will email and page the admins when the activity of a host gets above the 3000 avg/min mark.

Any suggestions how the rule would look like? Or if it is even possible to create a real time report that will alert admins

Regards

Dale

Labels:
Preview file
34 KB
0 Helpful
1 Reply 1

aghaznavi
Contributor
Contributor

‎09-22-2009 11:31 AM

You must configure email alerts on a per-rule basis. Create a custom rule (Rules > Add), and then choose any for all parameters except severity. For the severity parameter, choose RED, and set an action to email to configure email alerts on MARS for all severity level RED rules.

To send alert notifications to individual users or groups of users, configure the Action parameters of a rule to create an alert action

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/alerts.html#wp139732

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents