Thursday, October 28, 2010

Cisco MARS 6.1.1 Released

Cisco have released MARS Version 6.1.1.

You can view the release notes HERE

Changes and Enhancements

ASA 8.2.2 Botnet Traffic Filter
The ASA BTF feature was enhanced in ASA 8.2.2 to add blacklist actions, including blocking functionality, to Dynamic Filter, as well as additional attributes. MARS Release 6.1.1 supports these enhanced BTF attributes:
Parses the new BTF-specific syslogs that provide visibility into blocked site traffic
Supports additional attributes for "threat_level" and "threat_category"
Adds two system rules and one report 

ASA 8.2.3
In 6.1.1, CS-MARS supports ASA 8.2.3 (Spyker) CLI changes and high-priority syslogs for CS-MARS functionality.

Agent-less Windows 2008/Vista/7 Support
In Windows 2008/Vista/7, the Windows Event Log subsystem was substantially overhauled relative to earlier versions supported by CS-MARS. MARS 6.1.1 supports Windows 2008/Vista/7 events pulled by CS-MARS from the Windows hosts (agent-less). [In 6.0.7, MARS supported Windows 2008/Vista/7 events sent by a SNARE agent (agent-based).] 

Ability to Manage SSH Keys
A new CLI command is implemented to handle outdated SSH keys: pnsshfs