Cisco CS-MARS-20-K9 - Security MARS 20 User Manual page 577

#
(Quintuple) The five pieces of data found within all IP-based network packets: source IP address,
5-tuple
source port, destination IP address, destination port, and protocol. You can define inspection rules,
queries, and reports using the data found in the 5-tuple.
A
(\
This is the IP address that MARS uses to connect to the device and to get its configuration information.
Access IP Address
MARS needs this address for NAT-related session correlation, attack path calculation, and mitigation
enter access information.
Making changes or edits known to the MARS after submitting changes.
Activate
D
The hosts and reporting devices present in the system.
Devices
The act of identifying, either automatically or manually, devices in networks.
Discovery
The MARS STM probes selected networks, and their components, for vulnerabilities.
Dynamic
Vulnerability
Scanning
E
A security event reported to the MARS STM appliance. Events have: types, sources, destinations,
Event
reporting devices, etc.
Groups of similar security events. An event type is the normalized signature from a reporting device.
Event Types
F
An event that resembles a valid security threat, but is not.
False Positive
An event that contributed to a rule firing.
Firing Events
78-17020-01
G L O S S A R Y
User Guide for Cisco Security MARS Local Controller
GL-1