Welcome to my Blog for the superb Cisco MARS (Monitoring, Analysis and Response System) Appliance.
Be sure to visit often, for a whole range of information on the MARS product.
I hope to create a site full of real-world integrations, how-tos and demonstrations, to get the most out of your investment in MARS.
Any questions or ideas, please get in touch.
Good work, keep it up please. Alec Nouvor
I get hundreds of thousands of scans, hack attempts, etc. on my perimeter per day. MARS sees it all and stores this as incidents, events, etc. Should I be tuning MARS to drop these events since the vast majority show they are being blocked by the firewalls? Or should I just let MARS store them all? Any thoughts?
You can drop these events and store them to the DB. I would not recommend dropping them completely; they may be useful in the event there is a breach.