Cisco CS-MARS-20-K9 - Security MARS 20 User Manual page 56


Selecting the Devices to Monitor
Source: User Guide for Cisco Security MARS Local Controller (78-17020-01), Chapter 2, Reporting and Mitigation Devices Overview

Table 2-2  Device Types and Data Available (continued)
Columns: Device Type / Data Available / Recommended Configurations

Device Type: Network IDS/IPS
Data Available:
- Fired signature alerts. Identifies attacks and threats, which helps determine mitigation response, identify potential false positive information, and target vulnerability assessment probes conducted by MARS.
- Trigger packet information. Provides the payload of the packet that caused the signature to fire.
- Determine whether an attack was blocked at a specific device.
- Device status information

Device Type: Host IDSes
Data Available: Provides host-level validation of exploits and blocked attacks, which improves the accuracy of false positive identification, which in turn improves the ability of the administrator to accurately prioritize the work required to contain attacks.

Device Type: Anti-Virus
Data Available: Central anti-virus management servers provide information on which hosts are infected, which hosts have reported attempted infections, etc. The servers also provide the dat or signature file information for managed hosts, which improves the ability to determine whether an attack was likely to have succeeded.

Device Type: Vulnerability Assessment
Data Available: Host OS and Patch Level. When a signature fires on an IDS and it is reported to MARS, MARS can either launch a targeted scan using Nessus, or query a vulnerability assessment system that helps determine whether the target was vulnerable.
Recommended Configurations: Enable any vulnerability assessment solutions supported by MARS.
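The correlation this table describes, an IDS alert weighed against vulnerability assessment, host IDS and anti-virus data, can be sketched as follows. This is an added example, not code from Cisco or MARS; the field names, verdict labels, priorities and sample records are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Alert:                  # fired-signature alert from a network IDS/IPS
    signature: str
    target: str
    vuln_id: str              # placeholder identifier, not a real CVE
    blocked: bool = False     # the IPS reported the attack as blocked

@dataclass
class Host:                   # context supplied by the other device types
    vulnerable_to: set = field(default_factory=set)  # vulnerability assessment
    hids_blocked: set = field(default_factory=set)   # host IDS block reports
    infected: bool = False    # anti-virus management server report

def triage(alert, hosts):
    """Return (verdict, priority) for one alert; priority 1 is most urgent."""
    host = hosts.get(alert.target)
    if host is None:
        return ("no-host-data", 2)           # nothing to correlate: scan the target
    if host.infected:
        return ("likely-succeeded", 1)       # host-level evidence of compromise
    if alert.blocked or alert.vuln_id in host.hids_blocked:
        return ("blocked", 3)                # stopped at the network or the host
    if alert.vuln_id not in host.vulnerable_to:
        return ("likely-false-positive", 4)  # target is not vulnerable
    return ("vulnerable-unblocked", 1)       # vulnerable and nothing stopped it

def prioritized(alerts, hosts):
    """Sort alerts so the work required to contain attacks comes first."""
    rows = []
    for a in alerts:
        verdict, prio = triage(a, hosts)
        rows.append((prio, verdict, a.target, a.signature))
    return sorted(rows)

# Constructed sample data: one signature fired against five targets.
HOSTS = {
    "10.0.0.5": Host(vulnerable_to={"VULN-A"}),
    "10.0.0.6": Host(),
    "10.0.0.7": Host(vulnerable_to={"VULN-A"}, hids_blocked={"VULN-A"}),
    "10.0.0.8": Host(infected=True),
}
ALERTS = [Alert("sig-A", f"10.0.0.{n}", "VULN-A") for n in (5, 6, 7, 8, 9)]

if __name__ == "__main__":
    for row in prioritized(ALERTS, HOSTS):
        print(row)
```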


This manual is also suitable for: Mars 20, Mars 50, Mars 100, Mars 200
