Monday, September 25, 2006

Cisco MARS Starts Here!

Welcome to my Blog for the superb Cisco MARS (Monitoring, Analysis and Response System) Appliance.

Be sure to visit often, for a whole range of information on the MARS product.

I hope to create a site full of real-world integrations, how-tos and demonstrations, to get the most out of your investment in MARS.

Any questions or ideas, please get in touch.

3 comments:

Anonymous said...

Good work, keep it up please. Alec Nouvor

teckmerc said...

I get hundreds of thousands of scans, hack attempts, etc. on my perimeter per day. MARS sees it all and stores this as incidents, events, etc. Should I be tuning MARS to drop these events since the vast majority show they are being blocked by the firewalls? Or should I just let MARS store them all? Any thoughts?

Schwag said...

You can drop these events and store them to the DB. I would not recommend dropping them completely; they may be useful in the event there is a breach.