I'd like to know how I can implement the feature of shutting down a switch port using the SNMP RW string, and also whether there is another action that MARS can take regarding an attack. Thank you.
That is correct - CS-MARS cannot automatically take mitigative action. The incident needs to be manually reviewed, and then mitigation action can be taken from that specific incident as available (correct layer-2/layer-3 device access in the incident path).
Incidentally, there is a cosmetic defect opened for the "SNMP RO Community" to change the label to indicate that the field is also used for the RW string. Documented under ID CSCsd05614.
All of the information regarding the mitigation functionality of the MARS can be found in the user guide here:
Note that a prerequisite for performing mitigation is that you've configured the mitigation device with an SNMP RW string. This is done on the device information page (Admin -> System Setup -> Security and Monitor Devices, and Edit the particular switch device). The field labeled "SNMP RO Community" on this page can actually be populated with the RW string for this purpose.