MARS and IDSM2 logs

Answered Question
Aug 26th, 2010

Hi All,

I have MARS version 6.0.3 (3188) 32, when i try to add IDSM2 to it as a device i can't find the version of the IDSM2 in the MARS.

version of IDSM2 is  7.0.4(E4).

can anyone help me in this issue please.

Thanks in advance,

Ayman

I have this problem too.
0 votes
Correct Answer by Scott Fringer about 6 years 3 months ago

Ayman;

CS-MARS will successfully parse signature events for your IDSM-2

running 7.0 software. However, CS-MARS will have no understanding of

the global correlation details which are new to the 7.0 release. If you

wish to be able to query/report on global correlation details within

CS-MARS, you will need to upgrade.

Once you upgrade, you can simply select the IDSM-2 in the 'Security

and Monitor Devices' list and click the "Change Version" button.

Scott

Correct Answer by Scott Fringer about 6 years 3 months ago

Aymen;

The upgrade process for CS-MARS is outlined here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0...

The upgrade does not affect your existing configuration and incident data.

A standalone CS-MARS is the equivalent of a local controller in this

document.

Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
Loading.
ayman emara Sun, 08/29/2010 - 07:59

HI Scott,

How can i upgrade from 6.0.3 to 6.0.4 and does the upgrade of the MARS will affect the configuration or not ???

Thanks in advance

Ayman Yehia

ayman emara Fri, 09/03/2010 - 00:53

Hi Scott,

Thanks for the links but i managed to add the IPS as version 6 and it worked fine with the MARS.

Thanks

Ayman

Correct Answer
Scott Fringer Fri, 09/03/2010 - 03:30

Ayman;

CS-MARS will successfully parse signature events for your IDSM-2

running 7.0 software. However, CS-MARS will have no understanding of

the global correlation details which are new to the 7.0 release. If you

wish to be able to query/report on global correlation details within

CS-MARS, you will need to upgrade.

Once you upgrade, you can simply select the IDSM-2 in the 'Security

and Monitor Devices' list and click the "Change Version" button.

Scott

Actions

This Discussion