cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
945
Views
0
Helpful
1
Replies

is it possible to alter an incidents severity?

m.slunsky
Level 1
Level 1

hi! we do have many hijacks on our mars due to the vss core. we do not want to disable hijacks on the ips systems completely - but to change the severity for hijacks from red to yellow would be very helpful. is this possible? thank you! kr michael

1 Reply 1

Scott Fringer
Cisco Employee
Cisco Employee

It is not possible to change the severity for firing incidents in CS-MARS as it is a calculated value based on details specific to the incident.  If you are not wanting to receive IPS alerts for a specific network behavior, you may want to look into creating an event action filter (EAF) on the IPS sensor to remove the produce alert action (device-side tuning) or create a drop rule within CS-MARS to only log the event to the CS-MARS database and not generate an incident (appliance-side tuning).

Scott

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: