Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
1
Replies

Incident...what incident?

cweatherford
Level 1
Level 1

‎01-09-2009 12:18 PM

I run the report 'activity:attacks seen - Top reporting devices' every hour... So I see which devices have the most incidents and now i want to know what they are. Well, there is no link to take me to them. So I log into MARS...now what? If i go to the incidents tab it shows me all of the events...but no details. So I have to click on each event?

Mars needs more drill down. Has anyone else run into this or found a way around it?

Labels:
0 Helpful
1 Reply 1

didyap
Level 6
Level 6

‎01-15-2009 08:52 AM

When you click the Incident ID, the Incident Details table appears in a separate browser connected to the Local Controller that recorded the event.

Each row of the Incident Details table represents either a session or the information common to a group of sessions. You can see all of the collapsed session information by clicking the plus signs to expand the group. You can expand or collapse all of the incident's information by clicking the Expand All orCollapse All buttons.

For the further description following URL may help you

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/invest.html#wp800363

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents