Welcome to my Blog for the superb Cisco MARS (Monitoring, Analysis and Response System) Appliance.
Be sure to visit often, for a whole range of information on the MARS product.
I hope to create a site full of real-world integrations, how-tos and demonstrations, to get the most out of your investment in MARS.
Any questions or ideas, please get in touch.
3 comments:
Good work, keep it up please. Alec Nouvor
I get hundreds of thousands of scans, hack attempts, etc. on my perimeter per day. MARS sees it all and stores this as incidents, events, etc. Should I be tuning MARS to drop these events since the vast majority show they are being blocked by the firewalls? Or should I just let MARS store them all? Any thoughts?
You can drop these events and store them to the DB. I would not recommend dropping them completely; they may be useful in the event there is a breach.