I have an IDSM and a MARS 50. On the IDSM I've created two custom signatures triggering on Request Regexp for webMSN and webICQ respectively. Both signatures are triggered OK and visible in the IDS event viewer.
I've also managed to import both as custom signatures into the MARS.
My problem is that the webICQ signature is parsed as "Unknown device event" while the webMSN signature is parsed correctly.
Both events seems to be tied to the correct IDS signature ID (60003 and 60004) but only one event is parsed ok.
Has anyone see something like this before?