Is it possible to alter an incident's severity?

Unanswered Question
Mar 15th, 2010

Hi! We do have many hijacks on our MARS due to the VSS core. We do not want to disable hijacks on the IPS systems completely - but to change the severity for hijacks from red to yellow would be very helpful. Is this possible? Thank you! KR, Michael

Scott Fringer Tue, 08/17/2010 - 04:32

It is not possible to change the severity for firing incidents in CS-MARS as it is a calculated value based on details specific to the incident.  If you are not wanting to receive IPS alerts for a specific network behavior, you may want to look into creating an event action filter (EAF) on the IPS sensor to remove the produce alert action (device-side tuning) or create a drop rule within CS-MARS to only log the event to the CS-MARS database and not generate an incident (appliance-side tuning).

Scott
