Hello. I need to determine who is using pptp and would like to do this by running a MARS query. What's the best way to set up a query to detemrine this? I didn't see GRE listed in the MARS services but I did see ms-pptp (basically dst port 1723). Is ...

Hello. I duplicated the system rule "Sudden increase of traffic to a port" in MARS and it blew out the original system rule and now shows up as a user rule. It doesn't appear to be working either. It is active. Not sure what to make of this, and neit...

Hi. I'm having trouble with "Sudden increase of traffic to a port" rule not firing. I think there is an issue with the event itself. I'd like to verify the event ID and groups associated with it. Can someone please provide me with this info? Thanks!C...

It seems that 1330 and other normalizer sigs are causing Cicso (and myself) some grief (as evident in CSCsc37875). I am wondering if I can just disable 1330 and all the subs entirely. I am seeing this sig (1330/14 in particular) fire alot. I set the ...

After my IDSM-2 crashed, I got a dump and noticed the following error:13Sep2006 15:35:11.250 2.010 sensorApp[13544] sensorApp/W errWarning Producer appears to be out of superblocks...consider configuring TCPReassemblyMode to loose FreeBlocks: 9Can an...