MARS 6.0.4 reporting for IPS 7.0 Global Correlation Reputation Filtering

Unanswered Question
Aug 27th, 2009

Does anyone know if there is a report available in MARS to see what IP addresses were denied by Reputation Filtering on IPS 7.0?

I found a report that shows attacks that were prevented due to global correlation score, but not for packets denied by Reputation Filtering.

Replies are greatly appreciated.

Thanks,

Mark

gmarogi Wed, 09/02/2009 - 07:35

If you want a report of what could have happened, you can enable Test Global Correlation. This puts the sensor in Audit mode, and actions the sensor would have performed are generated in the events.

MARK BAKER Wed, 09/02/2009 - 07:42

Thanks for the reply, but what I am looking for is reporting on what packets were dropped with Reputation Filtering (doesn't have a report in MARS), not the Global Correlation risk rating blocks (which does have a report available in MARS).
