Just wanted to see what other people have going on with their MARS setup.
What do you have set up for mitigation? How long did you have MARS set up "passively" before configuring rules to actively mitigate?
Has MARS saved the day in response to a threat?
Do you have 'everything but the kitchen sink' monitored by MARS, like database servers, web servers, etc., or just network/firewall devices?
Thanks, just trying to get some feedback from more experienced MARS users.