Hello Guys, I need help here. We are getting numerous incidents in one of our CS-MARS regarding the Scans-Stealth system rule. This rule is triggered by event type TCP FIN Host Sweep. The source IPs were internal to our network and destined to externa...
Hello, As I monitored the CS-MARS incidents, I noticed that the System Rule: Modify Network Config is constantly firing, but we haven't made any changes on the device. The reporting device is an ASA firewall which sends syslog messages to CS-MARS. Below...
We haven't decided yet. Most probably we will continue to monitor this event and not tune this out. Our client wants to see P2P activity and to know who's using P2P clients so they can uninstall them on their workstations. Mahalo, Carlou
Thanks guys for your help. But if we increase the threshold of this signature and filter this out, we will not be able to detect some P2P activity. We are monitoring schools network and we all know that most of the students use P2P for sharing files. Some ...
Hello, When I upgraded the MARS to 4.3.1, I noticed that the MARS doesn't receive any logs from IPS, ASA and other reporting devices. But when I check ASA and IPS, I'm pretty sure that the ASA and IPS were sending syslog alerts to MARS; the only pro...