CiscoWorks VMS Event Viewer usage compared with MARS

Unanswered Question
Oct 22nd, 2008

I've been using VMS Security Monitor Event Viewer to monitor IPS sensors for the past few years. I'm used to the workflow of reviewing events in Event Viewer and then resolving them and sometimes removing them from the grid.

I'm beginning to use MARS and I'd like to know what the equivalent of resolving and removing from grid in MARS is or is this something you don't do in MARS and you work differently with the events in MARS?

Thanks in advance

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Fri, 10/24/2008 - 21:18

The actual replacement for the IDS Event Viewer is the IPS Manager Express (IME) and not MARS. If you are looking for real-time monitoring and filtering of events for upto 5 sensors, then IME is the way to go. MARS is more of a SIM/SEM tool that collects logs from 'various' devices and 'correlates' those events into meaningful 'incidents'. It does the same for IPS devices. But you won't see 'every' event in the MARS Incidents page (as every event is not an incident). You have to run a query for that (Historical or real-time).

Regards

Farrukh

Actions

This Discussion