- Blue, 1500 points or more
FYI, the latest version of CSMARS appears to have a pretty significant bug in the way IPS events are sessionized (whatever that means). The bottom line is that incidents/sessions containing IPS alarms are occassionally a garbled up mess in CSMARS (unrelated alarms get "sessionized" and combined together, even though ip/port combinations are different). If you haven't upgraded yet and you have multiple IPS sensors, you might want to wait until this gets fixed.
I take issue with Cisco calling the issue "rare"...we've had 23 incidents in the last 24 hours with IPS alarms, and 5 of them exhibit this bug.