I have recently started to study the MARS capabilities, and there are a few things which I don't understand.
1. What information should the Dynamic Info in the device information window contain?
On the equipment I have set the SNMP RW communities, syslogs, NetFlow, and SSH/Telnet access for MARS (ASA 8.x, IOS routers 12.4, IOS switches 12.2).
For stations I have configured dot1x and MARS is receiving logs from the ACS.
But Dynamic Info contains no information at all for any of this equipment. I have some session information in the case of desktops reported by CSA, but it's unclear what it means, as no such connection exists at the moment for that station.
79.85.XX.XX N/A N/A N/A dell (Cisco,CSA,5.x) Feb 17, 2009 8:02:27 PM EET Present Feb 17, 2009 8:02:27 PM EET
2. Where should the current NAT translations appear? I tried to do a query for this but no data was returned.
3. How accurate can the hotspot graph or the path information of an attack generated by MARS be?
I have the following scenario:
pc - l2 sw - l3 sw - ASA
On the Network diagram everything appears to be connected to a cloud. Is this the normal behavior?
As I observed, sometimes L2 devices are missing from the path information.
Sorry for the long post :) but I spent a whole day trying to find an answer to these questions without any success.
Mars Version: 6.0.2 (3102)