Currently we are using VMS to run daily reports on our severity high events on our IPS sensors. We are holding out on going to CSM until we get this style report moved onto our MARS appliance. Has anyone created a report in MARS for severity high events that includes, source ip and port, destination ip and port, timestamp, and event type that can be exported to csv? I tried all matching sessions with custom columns and that will output html correctly but I hit a bug when you try to output .csv. (Cisco states the bug should be fixed by year end)
I am open to any thoughts or recommendations for using MARS to generate reports to give to SOX auditors in regards to IPS events.