Thanks to Csaba for pointing out to me that Cisco have released MARS version 6.0.4.
Surprisingly, with some of the rumours out there at the moment, there are some new features in this release, and not just signature updates for the supported products.
You can check out the release notes HERE.
So apart from some cosmetic changes, here is what is new...
New Device Support
The 6.0.4 release of MARS supports the following new device versions:
•Cisco ASA 8.2
•Cisco IPS 7.0
•Cisco IPS 6.2
•Cisco IOS/Switch IOS 12.4 (backward compatibility support)
•Cisco FWSM 4.0.1 and 4.0.4 (backward compatibility support)
•Cisco Security Agent 6.0.1 (backward compatibility support)
Miscellaneous Changes and Enhancements
•Botnet Traffic Filter (ASA 8.2) Feature Support—Detect malware that attempts malicious network activity, such as sending private data (passwords, credit card numbers, key strokes, or proprietary data) with ASA Botnet Traffic Filter (BTF).
MARS support for ASA 8.2 introduces the following BTF features:
–ASA Botnet Summary Tab—When monitoring a properly configured Cisco ASA 8.2 device, customers can quickly view Botnet activity on their network using the new summary tab, which provides an at-a-glance dashboard with the following new reports:
  –Activity: ASA Botnet Traffic Filter - Top Botnet Ports
  –Activity: ASA Botnet Traffic Filter - Top Botnet Sites
  –Activity: ASA Botnet Traffic Filter - Top Infected Hosts
–BTF: System reports—When monitoring a properly configured Cisco ASA 8.2 device, customers can drill down into malicious activity with the following new reports:
  –Hosts which have generated phone home activity (top infected hosts)
  –Adequate host details (port/protocol, user agent, etc.) required for remediation
  –Top Botnet sites by domain and IP address
  –Top Botnet ports detected
–BTF: System rule—When monitoring a properly configured Cisco ASA 8.2 device, a new system rule is available that detects failed phone-home db downloads.
•Cisco IPS 7.0 Feature Support—IPS 7.0(1) contains a new security capability, Cisco Global Correlation, which uses the immense security intelligence that Cisco has amassed over the years.
MARS support for 7.0(1) introduces the following Global Correlation features:
–A new system report that identifies the attacks blocked by Cisco IPS 7.0(1) over a specified interval.
–Global Correlation scores embedded in query and reporting interfaces allow customers to view reputation data and create customized Global Correlation reports.
•Tunable Query Performance Support—Customers can reduce query wait times by creating custom indexes for commonly run queries.
•E-Mail Notification Update—E-mail based notifications now include top 3 source IPs, top 3 destination IPs, and top 3 botnet sites.
•Future Cisco.com Software Update Support—MARS 6.0.4 includes changes to support a seamless migration from the current Cisco.com software and signature download sites to a new location hosted on Cisco.com. Customers are required to upgrade to 6.0.4 to enable future automated system upgrades, patches, and dynamic signature update support, features introduced in MARS 6.0.1.
And Finally, Very Important
The 6.0.3 release, distributed in April 2009, was the last software release for the CS-MARS 100, 100e, 200, GC, and GCm appliances. Therefore, you cannot apply the 6.0.4 release to these appliance models.