Hi, being new to the concept of correlation and deep packet inspection, i have few design related (to CS-MARS) questions.
- How isthe incident analyzed? I have only 1 incident "Inactive CS-MARS reporting device".. What does this mean, and how to go through complications in order to understand.
- I have enable netflow in a reouter, and getting it on another machine running a 3rd party netflow analyzer succesffuly. But when i redirect the netflow to MARS,(and configure the device in Netflow config, it does not seems to be acceptign the flows as it doesn not show any received netflow event. Where can i check and resolve this issue?