Cisco Support Community
New Member

MARS: How does it see "stuff"

I'm a new user and can't quite figure out how MARS "sees" things; e.g., worm attacks, strings in packets, etc.

It is not a gateway thru which all traffic passes ... it just sits there and looks at devices and therefore cannot examine packets.

Does it, therefore, rely on a device that it is watching to perform the examination?

Example 1: how does it determine that the word "confidential" exists in traffic and then raise an alarm?

Example 2: how does it know that a worm is propagating?

Therefore, is it true that ... if the devices it is watching do not have these capabilities, MARS will never report them?

TIA

1 REPLY

Re: MARS: How does it see "stuff"

Curt,

MARS is a correlation server that you point syslog traffic from all your devices to, whether it is a firewall, router, host, CSA client, etc.

Patrick
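
The idea in the reply, sketched as an added example that is not part of the original thread and is not MARS's own rule logic: a correlator pools syslog lines from several devices and flags a source that hits many distinct destinations on one port in a short window. The log layout, device names (`fw1`, `rtr1`), thresholds and addresses are constructed assumptions, and timestamps are assumed to fall within one day.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified, made-up syslog layout (not a real Cisco format).
SAMPLE_LOGS = [
    "Jan 10 12:00:01 fw1 DENY tcp src=10.1.1.5 dst=192.0.2.10 dport=445",
    "Jan 10 12:00:05 fw1 DENY tcp src=10.1.1.5 dst=192.0.2.11 dport=445",
    "Jan 10 12:00:09 rtr1 DENY tcp src=10.1.1.5 dst=192.0.2.12 dport=445",
    "Jan 10 12:00:20 rtr1 DENY tcp src=10.1.1.5 dst=192.0.2.13 dport=445",
    "Jan 10 12:00:30 fw1 PERMIT tcp src=10.1.1.9 dst=198.51.100.7 dport=80",
    "Jan 10 12:02:00 fw1 DENY tcp src=10.1.1.7 dst=192.0.2.10 dport=445",
    "Jan 10 12:12:00 fw1 DENY tcp src=10.1.1.7 dst=192.0.2.11 dport=445",
    "Jan 10 12:22:00 fw1 DENY tcp src=10.1.1.7 dst=192.0.2.12 dport=445",
    "Jan 10 12:32:00 rtr1 DENY tcp src=10.1.1.7 dst=192.0.2.13 dport=445",
    "this line is not in the expected layout",
]
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+(\S+)\s+(?:DENY|PERMIT)\s+\w+"
    r"\s+src=(\S+)\s+dst=(\S+)\s+dport=(\d+)$"
)

def parse(line):
    """Return (seconds_of_day, device, src, dst, dport), or None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    h, mi, s, device, src, dst, dport = m.groups()
    return int(h) * 3600 + int(mi) * 60 + int(s), device, src, dst, int(dport)

def correlate(lines, window=60, min_dsts=4):
    """Flag a source that reaches min_dsts distinct destinations on one port
    within `window` seconds, pooling events from every reporting device."""
    events = defaultdict(list)  # (src, dport) -> [(secs, dst, device)]
    for ev in filter(None, map(parse, lines)):
        secs, device, src, dst, dport = ev
        events[(src, dport)].append((secs, dst, device))
    alerts = []
    for (src, dport), evs in sorted(events.items()):
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide window forward
                start += 1
            win = evs[start:end + 1]
            if len({dst for _, dst, _ in win}) >= min_dsts:
                alerts.append({"src": src, "dport": dport,
                               "devices": sorted({dev for _, _, dev in win})})
                break
    return alerts

print(correlate(SAMPLE_LOGS))
```

Only 10.1.1.5 is flagged, and only because lines from both devices are pooled; 10.1.1.7 touches the same four destinations but too slowly to fall inside one window.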
