hi! we do have many hijacks on our mars due to the vss core. we do not want to disable hijacks on the ips systems completely - but to change the severity for hijacks from red to yellow would be very helpful. is this possible? thank you! kr michael
Re: is it possible to alter an incidents severity?
It is not possible to change the severity for firing incidents in CS-MARS as it is a calculated value based on details specific to the incident. If you are not wanting to receive IPS alerts for a specific network behavior, you may want to look into creating an event action filter (EAF) on the IPS sensor to remove the produce alert action (device-side tuning) or create a drop rule within CS-MARS to only log the event to the CS-MARS database and not generate an incident (appliance-side tuning).
Posting this for anyone interested in using a Raspberry PI as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN or you can forward NetFlow/IPFIX ...
Dear Team Suppose we have hundreds of rules in access policy on cisco fmc device. Now I want to fetch all access policy rules in which I have mentioned some specific port number X. Can anyone help me with the process to fetch the same?
Greetings everyone, Happy New Year! I would like to thank you all for making our ISE demos in dCloud a great success!
The ISE instant demo has been in the top 5 of Enterprise demos for a long time now and recently just moved into the #1 and 2 slots...
User Experience Enhancements
As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment. This program runs across all Cisco security products.
A More Intuitive Cognitiv...