Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
974
Views
0
Helpful
1
Replies

is it possible to alter an incidents severity?

m.slunsky
Level 1
Level 1

‎03-15-2010 11:46 AM

hi! we do have many hijacks on our mars due to the vss core. we do not want to disable hijacks on the ips systems completely - but to change the severity for hijacks from red to yellow would be very helpful. is this possible? thank you! kr michael

Labels:
0 Helpful
1 Reply 1

Scott Fringer
Cisco Employee
Cisco Employee

‎08-17-2010 04:32 AM

It is not possible to change the severity for firing incidents in CS-MARS as it is a calculated value based on details specific to the incident.  If you are not wanting to receive IPS alerts for a specific network behavior, you may want to look into creating an event action filter (EAF) on the IPS sensor to remove the produce alert action (device-side tuning) or create a drop rule within CS-MARS to only log the event to the CS-MARS database and not generate an incident (appliance-side tuning).

Scott

0 Helpful
Customers Also Viewed These Support Documents