How does CS-MARS rate Incident Severity?

Unanswered Question
Jul 6th, 2009

Reason I'm asking is that I have two events, "Suspicious files in Email - Netsky worm" and "CA BrightStor ARCserve Backup Listservcntrl ActiveX Overflow" that came up in CS-MARS that were detected by an ASA IPS modules. Both signatures on IPS had RR=100, TR=65 and in CS-Mars both are classified as Event Severity=Red. Both had been tuned as "system confirmed false positive" but in the case of the Netsky worm, the Incidents were low severity, and in the CA BrightStor, the Incidents were high severity? How did MARS rate the Incidents?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion