Repost from OffTopic: 3rd Party Cisco IPS Monitoring

Non exam stuff is meant to go in OT I know, and that's where this was originally posted, not a peep though so I'm hoping someone here might have an idea.

I know you can use the CLI monitor and ASDM to monitor IPS events but neither is that great imho. Are there any good 3rd party monitor/viewers you guys use and can recommend?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

dtlokee

I just did an install on a MARS appliance, it works very well, but with a price tag of 15k it should. Not sure about any 3rd party ones, I bleed green.

Ahriakin

Thanks DT, yup a MARS or TRIGEO was on my wish list last year with the IPS' (ASA AIP-SSMs) but it didn't make it to the shopping list. I'm beginning to think Syslog and the Event Viewer it will be..... Are you using the MARS in production for for your classes?

dtlokee

The setup was 2 mars 110R appliances for a customer, but I am currently evaluating MARS for classes. I don't know if there's enough money in it to justify the equipment expenses. I am waiting to see which of the three (MARS, HIPS, or CNAC) will become the dominate one. Most likely it will be HIPS as I think that is still the easiest and more widely used product.

ITdude

Hey dt, sounds like you need a big bandaid for that green bleed!

Ahriakin

Just figured I'd update this in case anyone ends up searching for a similar solution. I'm trying out the Eval of Cisco Security Manager right now and it includes the Cisco IPS Event Viewer, which it turns out is also a standalone free downloadable from Cisco.com . It's MUCH better than the IDM event viewer as you can sort your views into single line/multi column data, set email alerts etc. Definitely worth getting if you don't have access to any other monitoring software or devices.