cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
309
Views
0
Helpful
1
Replies

IOS required for signatures to send to MARS

mmertens
Level 1
Level 1

I understand there is IOS that contains security signatures that can send syslog messages back to MARS for signatures alerts. Are these signatures in IP Base or is there another train required? I tried doing the software advisor tool but couldn't find anything. Thanks!

Mike.

1 Accepted Solution

Accepted Solutions

rhermes
Level 7
Level 7

You do not get the IDS/IPS features in the IP Base IOS. The feature you're looking for is IDS and/or IPS. It is included in the Enhanced Security and FW/IDS IOS releases. Please note there are significant changes between pre and post 12.4.11T IOS releases (mostly the diference between ver 4.x and ver 5.x signatures).

If you want reporting data fed into CSM, you will get more data fields if the signature event stream is SDEE rather than Syslog.

View solution in original post

1 Reply 1

rhermes
Level 7
Level 7

You do not get the IDS/IPS features in the IP Base IOS. The feature you're looking for is IDS and/or IPS. It is included in the Enhanced Security and FW/IDS IOS releases. Please note there are significant changes between pre and post 12.4.11T IOS releases (mostly the diference between ver 4.x and ver 5.x signatures).

If you want reporting data fed into CSM, you will get more data fields if the signature event stream is SDEE rather than Syslog.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: