Hi, I guess it would be nice to discuss the options that we would like to see in MARS, maybe in the next releases. It would give a good comparison, in that the feedback from others would help in knowing whether my or your required features are already there in MARS or whether we might need some future releases to give us that. So here are a few.
1. First, I don't know if it is already there, but I could not find it, i.e. the attack diagram of old incidents (just like the ones on the main dashboard for the incidents of the past 2 hours).
2. Second, as everyone needs it, the ability to customize the SVG topology, and the ability to do the extractions.
3. Ability to control the device through MARS instead of using the RESPONSE (mitigation) feature, some sort of limited LMS/CSM feature based on the attacks. I know there are ACLs provided for most (if not each) incidents, but... it would be fun to control the device through it :) (I don't know if it is too much to ask in a it, or if it is something not even desirable for an NBA tool, but remember, it's a mitigation tool :) )
4. This box should give some sort of consultancy, as it is given the authority by the network admin to examine and keep a history/topology of the whole network. So instead of just checking the abnormality/anomaly, it should devise standard-based instructions/configurations/designs so that one should be able to use it as a proactive tool instead of a reactive one.
Hope this is not going to be rocket science :), and that's how I would like it more.

All I want is a good bread and butter SIM (or SEM or whatever you want to call it). I don't care about mitigation (at this layer), or attack diagrams, or network topology. That being said:
1) More breadth and depth of device support. So, more device types supported and better parsing for the supported device types.
2) Ability to use groupings effectively (at all, really). E.g. when I create a grouping of devices and select it in a query... why do I still have to manually select each device? Let me add the actual group to the query and then when I update the group, the query is updated automatically.
3) better performance. Once a MARS box has been running for a while, even at 1/3 capacity, performance goes into the crapper.