ISDM Mgmt & Monitoring

Unanswered Question
Sep 20th, 2007
User Badges:

We bought 2 IDSMs, and currently are in the stage of evaluating different Management & Monitoring software, like MARS,Enterasys, etc, and would appreciate your hands-on experience and comments. thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
hoffa2000 Tue, 09/25/2007 - 08:48
User Badges:


I have two IDSMs online in our two 6513 and one MARS 50 to gather the information. I use the web interface, IDM, supplied with the IDSMs to manage the devices but only use MARS to monitor the dataflow, so far I haven't tuned any signatures on the IDSMs, I let MARS drop the false positives as suggested by the MARS manual.

I have worked alot with Snort and ACID before, although it cannot compare to the IDSM/MARS setup it is the only previous experience I have in security monitoring. I would say the MARS is a great tool for monitoring company wide security events and it helps you declutter the IDS traffic but it doesn't really "manage" the IDSMs as such, for that you might need another tool.




This Discussion