Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Force MARS to still alert on System False Positives

Our MARS 6.0.3 box has developed a bad habit of not alerting on certain signatures that it determines as being false positives. Mostly these are P2P rules in which the traffic is indeed blocked by the IPS devices. We still need to be alerted by this at the time of the event so that we can follow up on the incident. When we were on 4.X, we merrily received alerts when someone opened up a BitTorrent session. Now, for the most part, we do not receive alerts on these incidents and the record of them occurring is banished to the system determined false positive page. Any idea on how to get these alerting again, or to alert on when the MARS box determines an event to be a false positive?

Thanks

GMZ

105
Views
0
Helpful
0
Replies
CreatePlease to create content