Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
614
Views
0
Helpful
2
Replies

MARS Asset Level of Concern

chris.taylorvt02
Level 1
Level 1

‎08-05-2009 10:08 AM

I'm trying to find out how I can manage the severity levels of incidents that are generated from different event generators on the network.

Any assistance would be appreciated.

Labels:
0 Helpful
2 Replies 2

ivillegas
Level 6
Level 6

‎08-11-2009 02:28 PM

You can change the logging severity level of the required system log messages or turn off specific system log messages using the logging message command.

Verify that all the Syslog event severity levels that need to be sent to MARS are configured. Verify which Syslog severity levels that are enabled by selecting Configuration > Report Settings > Log Settings.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/csmars.pdf

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-22-2009 12:04 AM

Hello Chris

You cannot control the severity level for events bult-in to MARS, you can only do this for the custom event types you create (Parser).

You can tune out the incidents you don't like why the 'False Positive Tuning' feature (Drop Rules).

REgards

Farrukh

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents