Cisco Support Community

How does CS-MARS rate Incident Severity?

Reason I'm asking is that I have two events, "Suspicious files in Email - Netsky worm" and "CA BrightStor ARCserve Backup Listservcntrl ActiveX Overflow", that came up in CS-MARS and were detected by an ASA IPS module. Both signatures on the IPS had RR=100, TR=65, and in CS-MARS both are classified as Event Severity=Red. Both had been tuned as "system confirmed false positive", but in the case of the Netsky worm the Incidents were low severity, and in the CA BrightStor case the Incidents were high severity. How did MARS rate the Incidents?
