MARS Vulnerability Assessment

Unanswered Question
May 14th, 2007
User Badges:

We tried turning on the VA capabilities of MARS and it appears that they were crashing a number of services on a number of servers.

Where can I get a log of what was scanned, what type of scan was performed, and when it was performed?

Also how can I see what event triggered a vulnerability scan?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
pmccubbin Tue, 05/15/2007 - 09:27
User Badges:
  • Silver, 250 points or more

I've yet to use this feature of MARS on a production network. I can tell you what the book by Dale Tesch has to say about your question regarding the VA logs:

"Vulnerability data cannot be viewed in CS-MARS."

The book goes on to state, "CS-MARS does not do a full-blown VA on a target machine but it selects tests to run based on the traffic seen."

This doesn't appear to be a well documented feature of MARS. Hopefully Cisco will augment the literature on this subject. For now the VA process may simply fall under the category, as much of MARS does, of being proprietary information.

Hope this helps, Chris.


This Discussion