Hi, i guess it would be nice to discuss the options that we would like to see in MARS, may be in the next releases. It would give a good comparison in a way that the feedback from others in guiding to know if my/or your required features are already there in MARS or we might be needing some future releases to give us that, so here are few.
1. First, i don't know if it is already there, but i could not find it, i.e the attack diagram of old incidents (just like the ones on the main dash board for the past 2 hour incidents)
2. second, as everyone needs it, ability to customize the SVG topology, ability to do the extractions
3. Ability to control the device through MARS instead of using the RESPONSE (mitigation) feature, some sort of limited LMS/CSM feature based on the attacks, i know there are ACLS provided for most (if not each) incidents, but...it would be fun to control the device through it :)(i don't know if it is too much to ask in a it, or it is some thing not even desriable for an NBA tool, but remeber, its a mitigation tool :) )
4. This box should give some sort of consultancy as it is given the authhority by the network admin to examin and keep a history/topology of the whole network, so instead of just checking the abonromality/anomoly, it should devise standard based instructions/configurations/designs so that one should be able to use it as a proactive tool instead of a reactive one.
Hope this is not going to be rocket science :) , and thats how i would like it more.