MARS Asset Level of Concern

Unanswered Question
Aug 5th, 2009

I'm trying to find out how I can manage the severity levels of incidents that are generated from different event generators on the network.

Any assistance would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ivillegas Tue, 08/11/2009 - 14:28

You can change the logging severity level of the required system log messages or turn off specific system log messages using the logging message command.

Verify that all the Syslog event severity levels that need to be sent to MARS are configured. Verify which Syslog severity levels that are enabled by selecting Configuration > Report Settings > Log Settings.

Farrukh Haroon Sat, 08/22/2009 - 00:04

Hello Chris

You cannot control the severity level for events bult-in to MARS, you can only do this for the custom event types you create (Parser).

You can tune out the incidents you don't like why the 'False Positive Tuning' feature (Drop Rules).




This Discussion