Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Why IPS for MARS

I would like to know what is the function of IPS signature download feature in CS-MARS. Is it required for network security of MARS or other devices.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Why IPS for MARS

The IPS devices need signature updates and MARS needs the XML version to keep in sync with what the IPS has.

To do automatic IPS signature updates on the sensors use the CS-Manager software.

6 REPLIES
Cisco Employee

Re: Why IPS for MARS

One problem with signature based solutions is the need to constantly update those signatures.

As you may be aware, device updates, software updates, bug fixes, and other items are rolled into each MARS software update available for download from Cisco.com. These updates are not released at the same rate as IPS signature updates and a lag occurs. The Cisco IPS signature updates have been broken out from this update cycle to allow for shortened update cycles.

The IPS Signature download feature gives MARS the capabilities to download Cisco IPS signature updates for itself automatically. This will free up your cycles in that you won't have to manually update these.

If you need to do automatic signature and software updates on your IPS Sensors take a look at the Cisco Security Manager software. You can download the software from Cisco.com and install it without a license to run it in a full featured, but time limited mode for testing.

New Member

Re: Why IPS for MARS

I don't think you understood the question. I believe he was asking what functionality does the IPS signatures in MARS provide? Do events and/or sessions get matched against the sigs? or are they there to help MARS interface with an IPS as a reporting device?

New Member

Re: Why IPS for MARS

Do you mean, the IPS signatures downloaded by MARS are used by itself for its own network security ?

Or does it apply to other devices as well.

Cisco Employee

Re: Why IPS for MARS

The IPS Signatures downloaded by MARS are used by MARS to understand what the IPS is sending it.

If MARS cannot normalize the log message coming from the IPS you'd end up with an unknown event.

New Member

Re: Why IPS for MARS

Wow!

Seems like incorrect terminology for this feature. 'IPS Signatures' download gives the same impression as IPS Signature download for IPS devices.

Cisco Employee

Re: Why IPS for MARS

The IPS devices need signature updates and MARS needs the XML version to keep in sync with what the IPS has.

To do automatic IPS signature updates on the sensors use the CS-Manager software.

173
Views
10
Helpful
6
Replies
CreatePlease to create content