Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IOS required for signatures to send to MARS

I understand there is IOS that contains security signatures that can send syslog messages back to MARS for signatures alerts. Are these signatures in IP Base or is there another train required? I tried doing the software advisor tool but couldn't find anything. Thanks!

Mike.

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: IOS required for signatures to send to MARS

You do not get the IDS/IPS features in the IP Base IOS. The feature you're looking for is IDS and/or IPS. It is included in the Enhanced Security and FW/IDS IOS releases. Please note there are significant changes between pre and post 12.4.11T IOS releases (mostly the diference between ver 4.x and ver 5.x signatures).

If you want reporting data fed into CSM, you will get more data fields if the signature event stream is SDEE rather than Syslog.

1 REPLY
Gold

Re: IOS required for signatures to send to MARS

You do not get the IDS/IPS features in the IP Base IOS. The feature you're looking for is IDS and/or IPS. It is included in the Enhanced Security and FW/IDS IOS releases. Please note there are significant changes between pre and post 12.4.11T IOS releases (mostly the diference between ver 4.x and ver 5.x signatures).

If you want reporting data fed into CSM, you will get more data fields if the signature event stream is SDEE rather than Syslog.

120
Views
0
Helpful
1
Replies
CreatePlease to create content