I run the report 'activity:attacks seen - Top reporting devices' every hour... So I see which devices have the most incidents and now I want to know what they are. Well, there is no link to take me to them. So I log into MARS...now what? If I go to the incidents tab it shows me all of the events...but no details. So I have to click on each event?
MARS needs more drill down. Has anyone else run into this or found a way around it?
When you click the Incident ID, the Incident Details table appears in a separate browser connected to the Local Controller that recorded the event.
Each row of the Incident Details table represents either a session or the information common to a group of sessions. You can see all of the collapsed session information by clicking the plus signs to expand the group. You can expand or collapse all of the incident's information by clicking the Expand All or Collapse All buttons.
For further description, the following URL may help you