Cisco Support Community

How to convert Cisco IPS signatures to a MARS events - no keyword search

I am trying to run a scheduled report looking for the new Microsoft exploit under the IPS S411 release, SIGID 19339.0, and I am trying to form the query looking for the event this falls under without using a keyword search on the SIGID. Does anyone know how to correlate an IPS signature to a MARS event?

Thanks,

Mike


Re: How to convert Cisco IPS signatures to a MARS events - no ke

With the help of on-box local event correlation technology, you can correlate. On-box local event correlation technology not only enables detection, but actually blocks multi-event attacks and malware in real time, complementing security incident management software such as the Cisco Security Monitoring, Analysis, and Reporting System (Cisco Security MARS) that correlates events across multiple devices.

Integrates with the Cisco Security Manager to correlate security events with the configured firewall rules and intrusion prevention system (IPS) signatures that can affect the security event.

Re: How to convert Cisco IPS signatures to a MARS events - no ke

Sorry, it's not clear what you are trying to achieve. Can you please elaborate more?
