Cisco Support Community
New Member

MARS Exclusions?

Is there a way to exclude certain IP addresses from MARS? For instance, I want to exclude the 200 events that Nessus scans produce, but I can't seem to find a way to do this. Any help would be great, thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: MARS Exclusions?

Please take mhellman's advice and read the Users Guide to get a better understanding of how Drop Rules work.

Though even better than the Users Guide is the book from Cisco Press, "Security Threat Mitigation and Response" by Dale Tesch. You should also certainly read the Users Guide but sometimes a second source helps to improve your understanding of a security device like MARS.

Hope this helps.

2 REPLIES
Gold

Re: MARS Exclusions?

Yes, it is called a drop rule. Have you read the users guide yet? It's in there. You can completely drop the events or just "log to db" (don't process inspection rules).

