is it possible to alter an incidents severity?

Unanswered Question
Mar 15th, 2010
User Badges:

hi! we do have many hijacks on our mars due to the vss core. we do not want to disable hijacks on the ips systems completely - but to change the severity for hijacks from red to yellow would be very helpful. is this possible? thank you! kr michael

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Scott Fringer Tue, 08/17/2010 - 04:32
User Badges:
  • Cisco Employee,

It is not possible to change the severity for firing incidents in CS-MARS as it is a calculated value based on details specific to the incident.  If you are not wanting to receive IPS alerts for a specific network behavior, you may want to look into creating an event action filter (EAF) on the IPS sensor to remove the produce alert action (device-side tuning) or create a drop rule within CS-MARS to only log the event to the CS-MARS database and not generate an incident (appliance-side tuning).


Scott

Actions

This Discussion

Related Content