Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

What should be there in MARS?

Hi, i guess it would be nice to discuss the options that we would like to see in MARS, may be in the next releases. It would give a good comparison in a way that the feedback from others in guiding to know if my/or your required features are already there in MARS or we might be needing some future releases to give us that, so here are few.

1. First, i don't know if it is already there, but i could not find it, i.e the attack diagram of old incidents (just like the ones on the main dash board for the past 2 hour incidents)

2. second, as everyone needs it, ability to customize the SVG topology, ability to do the extractions

3. Ability to control the device through MARS instead of using the RESPONSE (mitigation) feature, some sort of limited LMS/CSM feature based on the attacks, i know there are ACLS provided for most (if not each) incidents, would be fun to control the device through it :)(i don't know if it is too much to ask in a it, or it is some thing not even desriable for an NBA tool, but remeber, its a mitigation tool :) )

4. This box should give some sort of consultancy as it is given the authhority by the network admin to examin and keep a history/topology of the whole network, so instead of just checking the abonromality/anomoly, it should devise standard based instructions/configurations/designs so that one should be able to use it as a proactive tool instead of a reactive one.

Hope this is not going to be rocket science :) , and thats how i would like it more.


Re: What should be there in MARS?

All I want is a good bread and butter SIM (or SEM or whatever you want to call it). I don't care about mitigation(at this layer), or attack diagrams, or network topology. That being said:

1) more breadth and depth of device support. so, more device types supported and better parsing for the supported devices types.

2) ability to use groupings effectively (at all, really). e.g. When I create a grouping of devices and select it in a query...why do I still have to manually select each device. Let me add the actual group to the query and then when I update the group, the query is updated automatically.

3) better performance. Once a MARS box has been running for a while, even at 1/3 capacity, performance goes into the crapper.

4) better reporting.

New Member

Re: What should be there in MARS?

The ability to send the whole event via e-mail, rather than just the link to the event.