Does anyone know if it is possible to create an event action filter (IPS v5.1.5) that will also suppress summary events? I have a few signatures that I'm filtering, but still regularly see a ridiculously high number of summary events being reported....
Hello, Is it possible to update MARS to understand and process the latest/greatest release version of IPS signatures we have deployed to our production sensors? All I have been able to find so far are the periodic update packages released as software...
I am trying to figure out if there is any way I can define a custom client firewall agent. Specifically I am looking to check for eEye's Blink HIPS agent. Ideally it would be great if this were fully supported/integrated similar to the various Zone...
Hello, I would like to define a SPAN session and output traffic to multiple destination ports. I am running into limitations on the Catalyst 2950 and 3550 switches of only being able to define one or two destination ports for this traffic - in most c...
I am looking at this too; essentially trying to extend a bridge across an IPSEC tunnel. Bidirectional traffic would be desirable. I am about to start working this out in the lab. I'll let you know if I have any success - I suspect there is a good ...
That's what I was afraid of. I have to hope that they address this soon; we've been using VMS for years and have grown used to having signatures understood as soon as they are updated. Interestingly we also run a 3rd party SIM that tends to run abo...
Marcoa, Back in December you responded to a post on this topic with the following information, "SecMon monitoring an IPS version 6.0 was tested. The existing SecMon version can monitor IPS 6.0, but will only show the fields in the alerts that existed ...
It is good to hear that MARS is working for you. My objection to MARS is based on already having much of the functionality offered by MARS being provided by existing systems. I have no desire to replace the existing solutions as they are working wel...
Thank you for this clear response. It would be helpful to include this as a note in either the 6.0(1) Release Notes or somewhere in the VMS documentation. I already looked in both for this information. I would like to also join the petition of reque...