We bought 2 IDSMs and are currently in the stage of evaluating different management and monitoring software, like MARS, Enterasys, etc., and would appreciate your hands-on experience and comments. Thanks.
I have two IDSMs online in our two 6513s and one MARS 50 to gather the information. I use the web interface, IDM, supplied with the IDSMs to manage the devices but only use MARS to monitor the dataflow. So far I haven't tuned any signatures on the IDSMs; I let MARS drop the false positives as suggested by the MARS manual.
I have worked a lot with Snort and ACID before; although it cannot compare to the IDSM/MARS setup, it is the only previous experience I have in security monitoring. I would say the MARS is a great tool for monitoring company-wide security events and it helps you declutter the IDS traffic, but it doesn't really "manage" the IDSMs as such; for that you might need another tool.