Cisco Support Community

New Member

How many rules in MARS by default? How/where to upgrade?

I am taking over management of a MARS running 3.4 code. There are 102 system inspection rules, no user inspection rules, and no drop rules. How many are there by default? This doesn't seem like very many, at least compared to another vendor's system I've used in the past. Is there a site that has predefined rules (outside of having smartnet), as I'd prefer to not have to generate them (or at least many) manually?

Thank you.

3 REPLIES
Anonymous
N/A

Re: How many rules in MARS by default? How/where to upgrade?

The over 100 inspection rules that ship with CS-MARS are called System Inspection Rules.

Inspection Rules.

Global User Inspection Rules.

Drop Rules.

New Member

Re: How many rules in MARS by default? How/where to upgrade?

I understand these are system rules. My concern is that there should be considerably more system rules by default in MARS. I've configured a couple of Snort with ACID IDS systems, and there were probably a thousand rules.

Gold

Re: How many rules in MARS by default? How/where to upgrade?

Didn't you have to create/configure the rules with ACID/Snort? It's no different with the CS-MARS. It ships with some, yes... but you have to configure it to your needs. Hell, the thing is how many signatures back from the Cisco IPS?... Every one of those signatures it doesn't understand requires your own custom rule if you plan to do anything with the alarms.
