MARS and IDSM2 logs

Answered Question
Aug 26th, 2010
User Badges:

Hi All,



I have MARS version 6.0.3 (3188) 32, when i try to add IDSM2 to it as a device i can't find the version of the IDSM2 in the MARS.


version of IDSM2 is  7.0.4(E4).


can anyone help me in this issue please.



Thanks in advance,


Ayman

Correct Answer by Scott Fringer about 6 years 10 months ago

Ayman;


CS-MARS will successfully parse signature events for your IDSM-2

running 7.0 software. However, CS-MARS will have no understanding of

the global correlation details which are new to the 7.0 release. If you

wish to be able to query/report on global correlation details within

CS-MARS, you will need to upgrade.


Once you upgrade, you can simply select the IDSM-2 in the 'Security

and Monitor Devices' list and click the "Change Version" button.


Scott

Correct Answer by Scott Fringer about 6 years 10 months ago

Aymen;


The upgrade process for CS-MARS is outlined here:


http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0...


The upgrade does not affect your existing configuration and incident data.


A standalone CS-MARS is the equivalent of a local controller in this

document.


Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
Loading.
Scott Fringer Fri, 08/27/2010 - 05:36
User Badges:
  • Cisco Employee,

IPS 7.0 support was added in CS-MARS release 6.0.4.


Scott

ayman emara Sun, 08/29/2010 - 07:59
User Badges:

HI Scott,


How can i upgrade from 6.0.3 to 6.0.4 and does the upgrade of the MARS will affect the configuration or not ???



Thanks in advance


Ayman Yehia

ayman emara Fri, 09/03/2010 - 00:53
User Badges:

Hi Scott,


Thanks for the links but i managed to add the IPS as version 6 and it worked fine with the MARS.


Thanks


Ayman

Correct Answer
Scott Fringer Fri, 09/03/2010 - 03:30
User Badges:
  • Cisco Employee,

Ayman;


CS-MARS will successfully parse signature events for your IDSM-2

running 7.0 software. However, CS-MARS will have no understanding of

the global correlation details which are new to the 7.0 release. If you

wish to be able to query/report on global correlation details within

CS-MARS, you will need to upgrade.


Once you upgrade, you can simply select the IDSM-2 in the 'Security

and Monitor Devices' list and click the "Change Version" button.


Scott

Actions

This Discussion