tag:blogger.com,1999:blog-34995790.post115919435914739160..comments2008-04-03T14:57:01.980ZComments on The Unofficial Cisco MARS Blog: Cisco MARS Starts Here!Chris Durkinhttp://www.blogger.com/profile/08997829845892677696noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-34995790.post-15603863039602479092008-04-03T14:55:00.000Z2008-04-03T14:55:00.000ZYou can drop these events and store them to the DB...You can drop these events and store them to the DB. I would not recommend dropping them completly, the may be usefull in the event there is a breach.Schwaghttp://www.blogger.com/profile/06516374892105285907noreply@blogger.comtag:blogger.com,1999:blog-34995790.post-63878154001628315442007-09-27T04:42:00.000Z2007-09-27T04:42:00.000ZI get hundreds of thousands of scans, hack attempt...I get hundreds of thousands of scans, hack attempts, etc on my perimeter per day. MARS sees it all and stores this as incidents, events, etc. Should I be tuning MARS to drop these events since the vast majority show they are being blocked by the firewalls? Or should I just let MARS store them all. Any thoughts?teckmerchttp://www.blogger.com/profile/01268119433342300322noreply@blogger.comtag:blogger.com,1999:blog-34995790.post-1159303463894095722006-09-26T20:44:00.000Z2006-09-26T20:44:00.000ZGood work, keep it up please. Alec NouvorGood work, keep it up please. Alec NouvorAnonymousnoreply@blogger.com