06-26-2009 05:04 AM - edited 03-10-2019 04:40 AM
Hi,
I am running a network with 30 IPS devices (which includes SSM20s, IDSMs and IPS 44XX).
I don't have a MARS device. Is there any way to retrieve events from all the IPS devices to one central location using csmanager?
Or is there any freeware that can do the job?
Thanks in advance
06-26-2009 07:12 AM
CSM doesn't collect events; it can only be used to manage the signatures and configurations on your sensors. To collect events you'll need a SIM like MARS, NetForensics, or Intellitactics that has an SDEE listener (version 7.x has a newer protocol that is backwards compatible with SDEE; I forget its name).
There were some open source pieces you could try to put together yourself, but nothing I know of that is preassembled.
Alternately, you could option all your enabled signatures to fire off an SNMP trap and collect those with a free SNMP receiver.
06-28-2009 01:16 AM
Thanks for the reply.
I tried receiving events with a CA SNMP receiver, but the events I'm receiving are not readable.
Can you suggest any receiver?
10-19-2009 04:40 AM
You may use OpenNMS as a free trap receiver.