CiscoWorks VMS Event Viewer usage compared with MARS
I've been using VMS Security Monitor Event Viewer to monitor IPS sensors for the past few years. I'm used to the workflow of reviewing events in Event Viewer and then resolving them and sometimes removing them from the grid.
I'm beginning to use MARS and I'd like to know what the equivalent of resolving and removing from grid in MARS is or is this something you don't do in MARS and you work differently with the events in MARS?
Re: CiscoWorks VMS Event Viewer usage compared with MARS
The actual replacement for the IDS Event Viewer is the IPS Manager Express (IME) and not MARS. If you are looking for real-time monitoring and filtering of events for upto 5 sensors, then IME is the way to go. MARS is more of a SIM/SEM tool that collects logs from 'various' devices and 'correlates' those events into meaningful 'incidents'. It does the same for IPS devices. But you won't see 'every' event in the MARS Incidents page (as every event is not an incident). You have to run a query for that (Historical or real-time).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...