I will appreciate it if you can share your experience implementing CS-MARS. We got an M20 box recently. In our network we have an IPS 4215, which is configured in CS-MARS as a reporting device. An IPS can be used as a mitigating device too. What we did was run an nmap scan while connected to the same switch where the IPS is running in inline mode and CS-MARS is connected. We could see the incidents reported in CS-MARS, but CS-MARS isn't showing the IPS as a mitigating device. Logically I understand the IPS should be detected as a mitigating device, but looking at the attack diagram I can't see it. Have you used an IPS as a mitigating device? If so, are we missing anything to configure?
I've had good success implementing CS-MARS for our clients and recommend it as part of a layered security approach.
A couple of questions:
1. Why haven't you upgraded the code on the MARS box? 4.2.2 is the latest and you don't necessarily have to do a sequential upgrade if you don't mind starting over with a clean ISO image. Otherwise, you have 4-6 hours of sequential upgrades before you.
2. Have you included any networking devices like routers and switches that would help MARS learn the topology of your network?
There is a good reference book from Cisco Press written by Dale Tesch that will help you implement MARS and further understand how using an IPS as a mitigating device will work.
Well, I shall upgrade the image as suggested. With the current version, we have added a few devices like routers and switches, IPS and PIX, and can also see events and incidents.
What we can't get is how CS-MARS decides the mitigated device. As I mentioned before, we did an nmap scan and could see the alerts from the IPS in CS-MARS, but CS-MARS doesn't see that device as a mitigated device in the path. This is what I see: No enforcement devices found, although I think it should see the IPS as the mitigating device.