sessionization bug in CSMARS 4.2.2

Unanswered Question
Oct 26th, 2006
User Badges:
  • Blue, 1500 points or more

FYI, the latest version of CSMARS appears to have a pretty significant bug in the way IPS events are sessionized (whatever that means). The bottom line is that incidents/sessions containing IPS alarms are occassionally a garbled up mess in CSMARS (unrelated alarms get "sessionized" and combined together, even though ip/port combinations are different). If you haven't upgraded yet and you have multiple IPS sensors, you might want to wait until this gets fixed.

I take issue with Cisco calling the issue "rare"...we've had 23 incidents in the last 24 hours with IPS alarms, and 5 of them exhibit this bug.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion