Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi AllRecently I was playing with NetFlow and Query Result types and thought to myself: How does MARS calculate "bytes transmitted" for a session? As we know, MARS does not store NetFlow records into DB by default. So, does MARS maintain some other d...
Hello, everybody.Today I was revising our strategy for IPS event filtering and one question came to me:In what practical cases "Deny Percentage" value less than 100% should be (or may be) used?Thanks in advance!
Hi, everybody. According to the docs, a session is a collection of events withing a predefined time frame that share a common end-to-end information. Does anybody know this time frame? I didn't find it using google Thanks in advance!
Good day every body! I am using 4215 IPS-K9-6.0-4a-E1 image. Recently our sensor started to generate a lot of errors like that (when connected by IDM):evError: eventId=1208572151825393108 severity=error vendor=Cisco originator: hostId: sens-1 ...
Hi everyone! I have one question concerning frame relay switching... Perhaps anyone could help me please with that?So, the here is the task:Router2(Serial0) - (Serial0)Router1(Serial1) - (Serial1)Router3*Router1:*frame-relay switchinginterface Seria...
Thanks for your answer! But I still have not clear understanding.Imagine, that the processing was as follows:1. At 9:30:31 MARS polls for IPS before NAT via SDEE and receives an alert with particular AaBb2. At 9:31:15 MARS polls for IPS after NAT via...
Initially I was also thinking that this feature could conceal the fact that there is an IPS denying some sort of traffic, instead imitating congestion or other network problems. But I cannot imagine the real use case, even with P2P traffic. It seems ...
Thank you! You are right! Packet display worked! I've found the one who tested IDS Event Viewer. He told me that he had't imagined that IDS Event Viewer tries to connect to IDSes without running GUI
