Cisco MARS upgrade has been posted to Cisco's web site. It is a large upgrade and has special instructions. I did not see any notes for support of Cisco IPS 6.0 new fields. Web Site http://www.cisco.com/cgi-bin/tablebuild.pl/cs-mars
Cisco has announced the availability of IPS version 6.0. The Cisco Intrusion Prevention Solution Team is pleased to announce the release of IPSv6.0 sensor software. As a key component of Cisco's Self Defending Network, IPSv6.0 delivers market leading...
Signature tripping on the following contents. Is this an invalid ftp command? or does the signature need tuning? 0x0000 0000 0014 005e 0029 0047 0045 0000 0018 0019 000a 0070 0000 0008 0000 0045 0000 ....^)GE........p......E.. 0x0010 0000 003a fff...
Has anyone had any success using the monitor resource usage function for Cisco MARS? How long does it take to baseline or does it baseline? Message received: Device Resource Usage Anomaly: current inbound packet error rate is 90.9 percent for Device dev...
There is a demo or 30 day license that you can install until you put the device under maintenance. https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet?DemoKeys=Y
Have you tried sending Netflow from those three routers? Maybe syslog is not sending enough information for Cisco MARS to correlate those events into a portsweep/syn attack. Do you have any IDS that could report to MARS? Those products are capable of...
You have to use another product to create those email alerts. The best product to use is Cisco MARS. Each copy of IDSM was shipped with a copy of Cisco VMS 2.3 product. VPN/Security Management solution is capable of sending email alerts based on rules.
It would make more sense for Cisco to fix the problem with the monitoring than to turn off the monitoring function. Why even have it as an option if it does not work?
What would you recommend for my environment auth is a normal command? Looks like I am also seeing trigger packets for auth tls. Thanks, John triggerPacket: 000000 00 18 19 0A 70 00 00 14 F2 92 F8 1A 08 00 45 00 ....p.........E. 000010 00 32 DA B6 40 ...