Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Gold

sessionization bug in CSMARS 4.2.2

FYI, the latest version of CSMARS appears to have a pretty significant bug in the way IPS events are sessionized (whatever that means). The bottom line is that incidents/sessions containing IPS alarms are occassionally a garbled up mess in CSMARS (unrelated alarms get "sessionized" and combined together, even though ip/port combinations are different). If you haven't upgraded yet and you have multiple IPS sensors, you might want to wait until this gets fixed.

I take issue with Cisco calling the issue "rare"...we've had 23 incidents in the last 24 hours with IPS alarms, and 5 of them exhibit this bug.

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsg49227

126
Views
0
Helpful
0
Replies
CreatePlease to create content