MARS really isn't positioned to be a Netflow anomaly detection system along with the likes of Arbor and others previously mentioned. It's simply a feature that's in there to help bring into perspective what's going on with your Cisco infrastructure from a threat perspective. And I would definitely be careful with the amount of logs and Netflow that you send to the device, as you can definitely cause it to choke, whereby the device isn't storing enough events for proper correlation.

On Sun, Mar 15, 2009 at 8:03 PM, Justin Shore <[email protected]> wrote:

> Roland Dobbins wrote:
>
>> On Mar 16, 2009, at 12:39 AM, Roland Dobbins wrote:
>>
>>> Arbor Peakflow SP, Narus Insight Manager, and Lancope StealthWatch Xe are
>>> three commercial NetFlow-based anomaly-detection systems.
>>
>> I forgot to add Q1 Labs Q1Radar, and I believe NetQoS now have an
>> anomaly-detection module, as well, though I've not seen it.
>
> How about MARS? I'm trying to get a pair of IDSM2s returned (they don't
> work right on 7600s) in exchange for a MARS 110R appliance. That's roughly
> the same price. I'm planning on using it for log analysis. Would its
> Netflow abilities be useful here?
>
> Justin
>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
