Help with a rule setup

Unanswered Question
Sep 16th, 2009

Hi all


I would like to create a rule that will page and email administrators of events such as what you see in the picture.


I had my team perform an ethical hack on a customer's perimeter gateway and watched what MARS would do.


I want a rule that will email and page the admins when the activity of a host gets above the 3000 avg/min mark.


Any suggestions on what the rule would look like? Or is it even possible to create a real-time report that will alert admins?


Regards

Dale



aghaznavi Tue, 09/22/2009 - 11:31

You must configure email alerts on a per-rule basis. Create a custom rule (Rules > Add), and then choose any for all parameters except severity. For the severity parameter, choose RED, and set an action to email to configure email alerts on MARS for all severity level RED rules.

To send alert notifications to individual users or groups of users, configure the Action parameters of a rule to create an alert action.


http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/alerts.html#wp139732

