Cisco MARS - System Report List (4.2.5)

04/26/07

06:00:56 pm, by Larry Boggis
Categories: Cisco MARS

I'm often asked by customers for a document that lists the available MARS system-level reports. The MARS Documentation does not directly provide this information, nor is it an easy thing to extract from the GUI.

That said, here is the complete report list available as of MARS version 4.2.5:

Activity: AAA Based Access - All Events
This report details AAA based access (e.g. to the network or to specific devices).

Activity: AAA Based Access Failure - All Events
This report details all failed AAA (e.g. RADIUS, TACACS) based access attempts. Typically, mechanisms such as 802.1x, network device access, and Cisco NAC use AAA servers for access control.

Activity: AAA Failed Auth - All Events
This report displays event details on failed AAA authentications. This report covers the following cases: regular AAA auth, 802.1x auth, L2 IP and L3 IP auth, L2 802.1x auth. An authentication may fail because of policy misconfiguration on the AAA server or wrong user credentials.

Activity: AAA Failed Auth - Top NADs
This report ranks the Network Access Devices (NADs) based on failed AAA authentications. This report covers the following cases: regular AAA auth, 802.1x auth, L2 IP and L3 IP auth, L2 802.1x auth. An authentication may fail because of policy misconfiguration on the AAA server or wrong user credentials.

Activity: AAA Failed Auth - Top Users
This report ranks the users based on failed AAA authentications. This report covers the following cases: regular AAA auth, 802.1x auth, L2 IP and L3 IP auth, L2 802.1x auth. An authentication may fail because of policy misconfiguration on the AAA server or wrong user credentials.

Activity: Accounts Locked - All Events
This report details events that indicate locked computer accounts because of excessive login failures.

Activity: Accounts Locked - Top Hosts
This report ranks the hosts by the accounts locked.

Activity: All - NAT Connections
This report lists Network Address Translations performed on non-denied sessions as reported to MARS.

Activity: All - Top Destination Ports
This report ranks the UDP and TCP destination ports of all events seen by MARS over the past hour. This report is used by pages in the Summary tab.

Activity: All - Top Destinations
This report ranks the session destinations of all events seen by MARS over the past hour. This report is used by pages in the Summary tab.

Activity: All - Top Event Type Groups
This report ranks event type groups by reported events that belong to each group. The event type groups give a general feeling about the type of network activity reported to MARS.

Activity: All - Top Event Types
This report ranks the event types of all events seen by MARS over the past hour. This report is used by pages in the Summary tab.

Activity: All - Top Reporting Device Types
This report ranks security device types by the number of events reported by devices of each particular type.

Activity: All - Top Reporting Devices
This report ranks security devices by the total number of events reported by each device. This report is used by pages in the Summary tab.

Activity: All - Top Sources
This report ranks the session sources of all events seen by MARS over the past hour. This report is used by pages in the Summary tab.

Activity: All - Top Users
This report tracks the most frequent logins and other user activity by showing the most active user names.

Activity: All Events and Netflow - Top Destination Ports
This report ranks the UDP and TCP destination ports of all events (including Netflow events) seen by MARS over the past hour. This report is used by pages in the Summary tab.

Activity: All Sessions - Top Destination Ports by Bytes
This report ranks all destination ports by bytes transferred.

Activity: All Sessions - Top Destinations by Bytes
This report ranks all destinations by bytes transferred.

Activity: Attacks Prevented - Top Reporting Devices
This report ranks security devices by the number of attacks prevented.

Activity: Attacks Prevented by Cisco IPS - All Events
This report contains all Cisco IPS events for which attacks (or attempts) were prevented.

Activity: Attacks Prevented by Cisco IPS - Top Event Types
This report ranks the top Cisco IPS event types for which attacks (or attempts) were prevented.

Activity: Attacks Seen - Top Event Types
This report ranks the top attack event types.

Activity: Attacks Seen - Top Reporting Devices
This report ranks security devices by the number of attack events logged. The security devices can be firewalls, NIDS and HIDS.

Activity: Backdoor - Top Destinations
This report ranks the hosts that respond to backdoor connection attempts.

Activity: Backdoor - Top Event Types
This report ranks the events that detect some form of backdoor activity. A backdoor may be created by an attacker on a compromised host. A backdoor event can be either an attempt to connect to a backdoor or a response from a server running a backdoor.

Activity: Backdoor - Top Hosts
This report ranks the hosts that respond to backdoor connection attempts. This means that the hosts are likely infected and running backdoors.

Activity: CS-MARS Accepted Conflicting Certificates/Fingerprints
This report lists event details due to CS-MARS accepting conflicting SSL certificates or SSH Key Fingerprints when connecting to remote devices.

Activity: CS-MARS Accepted New Certificates/Fingerprints
This report lists event details due to CS-MARS accepting new SSL certificates or SSH Key Fingerprints when connecting to remote devices.

Activity: CS-MARS Detected Conflicting Certificates/Fingerprints
This report lists event details due to CS-MARS detecting conflicting SSL certificates or SSH Key Fingerprints when connecting to remote devices.

Activity: CS-MARS Device Connectivity Errors
This report lists event details of CS-MARS device connectivity errors due to various reasons (e.g. conflicting SSL certificates or SSH key fingerprints, network timeout etc.). This includes both transient and persisting errors.

Activity: CS-MARS Failure Saving Certificates/Fingerprints
This report lists event details due to CS-MARS failure to save new or changed SSL certificates or SSH Key Fingerprints based on explicit user action or automatic accept due to SSL/SSH Settings.

Activity: CS-MARS Host Mitigation - Failure - All Events
This report lists failed CS-MARS mitigation attempts - these can result from improper network connectivity or device access credentials.

Activity: CS-MARS Host Mitigation - Success - All Events
This report lists successful mitigations from CS-MARS.

Activity: Database Login Failures - All Events
This report lists the event details for all database login failure events.

Activity: Database Login Failures - Top Servers
This report ranks the database servers by the number of login failures.

Activity: Database Login Failures - Top Users
This report ranks the users by the number of login failures.

Activity: Database Login Successes - All Events
This report lists event details for all successful database login events.

Activity: Database Login Successes - Top Servers
This report ranks the database server hosts by the number of successful logins.

Activity: Database Login Successes - Top Users
This report ranks the database users by the number of successful logins.

Activity: Database Object Modification Failures - All Events
This report lists the event details for all failed database object modification attempts.

Activity: Database Object Modification Failures - Top Users
This report ranks the users by the number of failed database object modification attempts.

Activity: Database Object Modification Successes - All Events
This report lists the event details for all successful database object modification attempts.

Activity: Database Object Modification Successes - Top Users
This report ranks the users by the number of successful database object modifications.

Activity: Database Privileged Command Failures - All Events
This report lists event details for all privileged database command execution failures.

Activity: Database Privileged Command Failures - Top Users
This report ranks the users by failed privileged database command execution attempts.

Activity: Database Privileged Command Successes - All Events
This report lists the event details for all successful privileged database commands executed.

Activity: Database Privileged Command Successes - Top Users
This report ranks the users by successful privileged database commands executed.

Activity: Database Regular Command Failures - All Events
This report lists the event details for all failed non-privileged database command execution attempts.

Activity: Database Regular Command Failures - Top Users
This report ranks the users by the number of non-privileged database command execution attempts.

Activity: Database Regular Command Successes - All Events
This report lists the event details for all successful non-privileged database command executions.

Activity: Database Regular Command Successes - Top Users
This report ranks the users by successful non-privileged database command executions.

Activity: Database User/Group Change Failures - All Events
This report lists the event details for all failed database user/group modification attempts.

Activity: Database User/Group Change Failures - Top Users
This report ranks the users by the number of failed database user/group modification attempts.

Activity: Database User/Group Change Successes - All Events
This report lists the event details for all successful database user/group modifications.

Activity: Database User/Group Change Successes - Top Users
This report ranks the users by the successful database user/group modifications performed.

Activity: Denies - Top Destination Ports
This report ranks the destination ports to which attacks have been targeted but denied.

Activity: Denies - Top Destinations
This report ranks the destination hosts to which attacks have been targeted but denied.

Activity: Denies - Top Sources
This report ranks attack sources by the number of denied connection attempts.

Activity: Host Admin Login Success - All Events
This report details successful administrative login events to hosts.

Activity: Host Login Failures - All Events
This report records all host login failure details.

Activity: Host Login Failures - Top Destinations
This report ranks hosts by the number of logon failures recorded.

Activity: Host Login Failures - Top Users
This report ranks host users by failed login attempts.

Activity: Host Login Success - All Events
This report lists all host login success event details.

Activity: Host Login Success - Top Host
This report ranks hosts by successful logins.

Activity: Host Object Access - All Events
This report records all Microsoft Windows Object Access events from Windows Event Logs.

Activity: Host Privilege Escalation - All Events
This report provides details for events that represent a user attempting to increase access rights on a particular host. Such attempts can happen remotely or from the local console and can be reported by Network or Host IDS devices or the hosts themselves.

Activity: Host Privilege Escalation - Top Hosts
This report ranks the hosts by privilege escalation attempts made against them. Such attempts can happen remotely or from the local console and can be reported by Network or Host IDS devices or the hosts themselves.

Activity: Host Privileged Access - All Events
This report records all Microsoft Windows Host Privileged Access events from Windows Event Logs.

Activity: Host Process Tracking - All Events
This report records all Microsoft Windows Detailed Process Tracking events from Windows Event Logs.

Activity: Host Registry Changes - All Events
This report records the events signalling Microsoft Windows registry changes.

Activity: Host Registry Changes - Top Host
This report ranks hosts by the number of Microsoft Windows registry changes reported.

Activity: Host Security Policy Changes - All Events
This report lists all policy changes on a host affecting host security. These events are typically reported by Host IDS and host agents.

Activity: Host Security Policy Changes - Top Host
This report ranks hosts by the number of security policy changes on that host.

Activity: Host System Events - All Events
This report records the Microsoft Windows system events, e.g. startup, shutdown, LSA registration, audit event discards, etc.

Activity: Host User/Group Management - All Events
This report records user group management events reported by hosts.

Activity: Host User/Group Management - Top hosts
This report ranks hosts by user group management events reported.

Activity: IDS Evasion - Top Event Types
This report ranks the events that detect an attempt by an attacker to evade detection by Network IDS systems. This may be web-based obfuscation attacks, fragmentation attacks or TCP/IP based attacks.

Activity: IOS IPS DTM Successful Signature Tuning - All Events
This report lists all successful IOS IPS signature download activities - both addition and deletion. CS-MARS Distributed Threat Mitigation (DTM) turns on ACTIVE IPS signatures on IOS routers.

Activity: IRC - All Events
This report lists all IRC activities. Typically, worms deposit executables on infected hosts that initiate IRC connections.

Activity: Inactive Reporting Device - Top Devices
This report lists devices that are configured to report to CS-MARS but haven't reported any event in the last hour.

Activity: Network Usage - Top Destination Ports
This report ranks destination ports by number of network sessions. This report requires that the syslog level of routers or firewalls be set to high to be able to capture session events. This report provides a general usage pattern of the network.

Activity: Network Usage - Top Destination Ports By Bytes
This report ranks the top destination ports by bytes sent and transmitted.

Activity: New Malware Discovered - All Events
This report lists all the new virus/worm/malware outbreaks discovered by Cisco Incident Control Server.

Activity: New Malware Prevention Deployment Failure - All Events
This report lists all devices to which ACL and signature deployment attempts by a Cisco Incident Control Server, in response to a new virus/worm/malware outbreak, failed.

Activity: New Malware Prevention Deployment Success - All Events
This report lists all destinations (Cisco IOS IPS devices and IPS appliances) to which Cisco Incident Control Server has deployed new ACLs and signatures in response to a new virus/worm/malware outbreak.

Activity: New Malware Traffic Match - All Events
This report details the traffic sources and the enforcing devices that match the ACLs and signatures deployed by the Cisco Incident Control Server in response to a newly discovered malware outbreak.

Activity: New Malware Traffic Match - Top Sources
This report lists the top sources that match the ACLs or signatures dynamically deployed by Cisco Incident Control Server in response to a new virus/worm/malware outbreak. This indicates that these sources are likely infected.

Activity: P2P Filesharing/Chat - All Events
This report lists all P2P file sharing or chat event details.

Activity: P2P Filesharing/Chat - Top Event Types
This report ranks events detecting person-to-person file sharing protocol and chat protocol activity. File sharing protocols such as KaZaa, Napster, EDonkey and chat protocols such as IRC, Hotline and instant messaging protocols may not be suitable in business environments.

Activity: P2P Filesharing/Chat - Top Hosts
This report ranks hosts involved in P2P Filesharing and chat protocol activity. Such protocols may not be suitable in business environments.

Activity: Recreational - All Events
This report details all users involved in recreational activities such as games, specific web sites such as gambling, etc.

Activity: Recreational - Top Sources
This report ranks the source addresses involved in recreational activities such as games, adult web sites, stock sites, etc.

Activity: Remote Access Login - All Events
This report details remote access login events (IPSec, SSLVPN, PPP, L2TP, etc.).

Activity: Remote Access Login - Top User
This report ranks users by remote access logins (PPP, L2TP, PPTP, IPSec).

Activity: Remote Access Login Failures - All Events
This report lists all failed remote access login event details.

Activity: Scans - Top Destination Ports
This report ranks destination ports by the total number of events detecting scanning activity for that port. Scans involve activities such as searching for alive hosts, open services on such hosts and detecting host configuration and application settings.

Activity: Scans - Top Destinations
This report ranks hosts by the total number of events detecting scanning activity directed to that host. Scans involve activities such as searching for alive hosts, open services on such hosts and detecting host configuration and application settings.

Activity: Scans - Top Sources
This report ranks attack sources by the total number of events detecting scanning activity for certain services. Scans involve activities such as searching for alive hosts, open services on such hosts and detecting host configuration and application settings.

Activity: Security Posture: Healthy - Top Users
This report lists the users in a HEALTHY Security Posture State. A Healthy security posture implies that the posture of the host is up to date, policy compliant and does not need attention.

Activity: Security Posture: NAC - Top NADs
This report ranks the network access devices (NADs) handling Network Admission Control transactions.

Activity: Security Posture: NAC - Top NADs and Tokens
This report displays the Network Access Devices (NADs) handling Network Admission Control transactions along with the tokens assigned by each of them.

Activity: Security Posture: NAC - Top Tokens
This report shows the network wide distribution of NAC tokens. The possible token values are HEALTHY, CHECKUP, INFECTED, QUARANTINE, UNKNOWN. The TRANSITION token is excluded since it is an intermediate state.

Activity: Security Posture: NAC Agentless - Top Hosts
This report captures the distribution of NAC tokens for end hosts that do not have Cisco Trust Agent (CTA) software. In this case, the posture validation is done either locally by the Network Access Device or via the Audit Server. The possible NAC token values in this report are HEALTHY, CHECKUP, INFECTED, QUARANTINE, UNKNOWN. The TRANSITION token is excluded since it is an intermediate state.

Activity: Security Posture: NAC Agentless - Top NADs
This report captures the distribution of NAC tokens for end hosts that do not have Cisco Trust Agent (CTA) software. In this case, the posture validation is done either locally by the Network Access Device or via the Audit Server. The possible NAC token values in this report are HEALTHY, CHECKUP, INFECTED, QUARANTINE, UNKNOWN. The TRANSITION token is excluded since it is an intermediate state.

Activity: Security Posture: NAC Agentless - Top Tokens
This report captures the distribution of NAC tokens for end hosts that do not have Cisco Trust Agent (CTA) software. In this case, the posture validation is done either locally by the Network Access Device or via the Audit Server. The possible NAC token values in this report are HEALTHY, CHECKUP, INFECTED, QUARANTINE, UNKNOWN. The TRANSITION token is excluded since it is an intermediate state.

Activity: Security Posture: NAC Audit Server Issues - All Events
This report ranks the end hosts for which the AAA server is having an issue with obtaining the right security posture token from the audit server. These end hosts do not have the Cisco Trust Agent (CTA) running and they depend on an Audit Server for obtaining the proper Security Posture Token.

Activity: Security Posture: NAC End Host Details - All Events
This report details all the NAC related messages from the Network Access Devices (NAD) and AAA servers. Choose a source IP address or user to see the messages for one end host.

Activity: Security Posture: NAC Infected/Quarantine - All Events
This report lists the event details for the hosts that are in an INFECTED or QUARANTINE state. The QUARANTINE hosts must do Anti-virus DAT file updates before network access and the INFECTED hosts must be cleaned before network access.

Activity: Security Posture: NAC Infected/Quarantine - Top Hosts
This report details the hosts that are in an INFECTED or QUARANTINE state. The QUARANTINE hosts must do Anti-virus DAT file updates before network access and the INFECTED hosts must be cleaned before network access.

Activity: Security Posture: NAC L2 802.1x - Top Tokens
This report captures the distribution of NAC tokens for end hosts that use Layer 2 IEEE 802.1x method to validate their posture. The possible NAC token values in this report are HEALTHY, CHECKUP, INFECTED, QUARANTINE, UNKNOWN. The TRANSITION token is excluded since it is an intermediate state.

Activity: Security Posture: NAC L2IP - Top Tokens
This report captures the distribution of NAC tokens for end hosts that use Layer 2 IP method to validate their posture. The possible NAC token values in this report are HEALTHY, CHECKUP, INFECTED, QUARANTINE, UNKNOWN. The TRANSITION token is excluded since it is an intermediate state.

Activity: Security Posture: NAC Static Auth - Top Hosts
This report captures the hosts that are configured as static exceptions on the Network Access Device (NAD). For these hosts, the NAD directly permits network access without consulting the posture validation server.

Activity: Security Posture: NAC Static Auth - Top NADs
This report captures the Network Access Device (NAD) that are permitting end hosts into the network as static exceptions. For these end hosts, the NAD directly permits network access without consulting the posture validation server.

Activity: Security Posture: NAC Status Query Failure - Top Hosts
This report details the top hosts that failed the status queries from the Network Access Devices (NAD). Such failures occur after initial authorization whenever there is a change in posture detected by the Cisco Trust Agent (CTA) on the end host. Such failures may be caused by users frequently enabling or disabling CTA agents.

Activity: Security Posture: Not Healthy - All Events
This report lists the detailed events for users whose security posture is not up to date, i.e. in either a CHECKUP, QUARANTINE or INFECTED state. The software on these hosts needs to be upgraded. The CHECKUP hosts may need DAT file updates, the QUARANTINE hosts must do DAT file updates before network access and the INFECTED hosts must be remediated before network access.

Activity: Spyware - All Events
This report details all spyware events.

Activity: Spyware - Top Hosts
This report ranks the hosts running spyware applications. Spyware applications are malicious applications that install and run on hosts, collect usernames, passwords, and credit card information, and send this information to the spyware writers.

Activity: Stealth Scans - Top Sources
This report ranks attackers by the amount of stealth scanning activity. Such activities include sending crafted packets to detect host operating systems and other vulnerabilities. Vulnerability scanners may generate such events.

Activity: Sudden Traffic Increase To Port - All Destinations
This report lists hosts that exhibit anomalous behavior by suddenly receiving statistically significant volume on a TCP/UDP port or ICMP traffic.

Activity: Sudden Traffic Increase To Port - All Sources
This report lists hosts that exhibit anomalous behavior by suddenly sending statistically significant volume on a TCP/UDP port or ICMP traffic.

Activity: Uncommon or Anomalous Traffic - All Events
This report details uncommon or anomalous traffic such as unused TCP options, uncommon ICMP traffic, non-standard traffic on standard port, tunneled traffic etc.

Activity: Unknown Events - All Events
This report tracks the events that are unknown to MARS.

Activity: Virus/Worms - Top Event Types
This report ranks the events that detect virus or worm activity in the network.

Activity: Virus/Worms - Top Infected Hosts
This report ranks hosts that are propagating viruses and worms via SMTP, POP, IMAP, network shares, etc.

Activity: Virus: Detected - Top Users
This report ranks users/workstations by viruses detected.

Activity: Virus: Infections - Top Users
This report ranks users/workstations by viruses detected and not cleaned.

Activity: Vulnerable Host Found
This report lists all vulnerable hosts found by IDS or VA scanners.

Activity: Vulnerable Host Found via VA Scanner
This report lists vulnerable hosts and associated vulnerabilities found by importing information from Vulnerability Analysis (VA) scanners.

Activity: Web Usage - Top Destinations by Bytes
This report ranks the web servers by bytes transferred.

Activity: Web Usage - Top Destinations by Sessions
This report ranks the top web destinations by session count.

Activity: Web Usage - Top Sources
This report ranks source addresses based on web use.

Attacks: All - All Events
This report lists details (event type, destination, source) for all attack events.

Attacks: All - Top Destinations
This report ranks hosts by the number of attacks targeted at each host.

Attacks: All - Top Event Type Groups
This report ranks event type groups that appear in fired correlation rules. The event type groups give a general feeling about the network activity classified as part of an attack by MARS.

Attacks: All - Top Rules Fired
This report ranks rules fired over the past hour by number of incidents. This provides a general feeling about the attack activity in the network. This report is used by pages in the Summary tab.

Attacks: All - Top Sources
This report ranks the sources of attack events seen by MARS over the past hour.

Attacks: Client Exploits - Top Sources
This report ranks hosts by the number of exploits originating from each host.

Attacks: Database Server - Top Event Types
This report ranks attacks on database servers such as MS SQL Server, Oracle and Sybase.

Attacks: FTP Server - Top Event Types
This report ranks attacks on FTP servers.

Attacks: Identity Spoofing - Top Event Types
This report ranks events that represent attempts by an attacker to spoof his/her identity over the past hour.

Attacks: Login Services - Top Event Types
This report ranks attacks on servers providing login services and remote shells. Examples include Telnet, SSH and Berkeley r-protocols.

Attacks: Mail Server - Top Event Types
This report ranks attacks on Mail servers (SMTP, POP, IMAP).

Attacks: Network DoS - Top Event Types
This report ranks attacks that represent network wide denial of service attempts. Such attacks may include crashing or rebooting an inline network device such as router, firewall or switch or increasing network load by creating TCP, UDP or ICMP traffic.

Attacks: Password - All Events
This report details all password attack events.

Attacks: Password - Top Destinations
This report ranks hosts by the number of password attacks attempted on them. Password attacks include attempts to (a) capture passwords, either remotely or locally and (b) guess passwords. Password guessing attempts are recorded as authentication failures by IDS and hosts.

Attacks: Password - Top Event Types
This report ranks password retrieving and guessing attacks. The password can be system passwords or application passwords.

Attacks: Password: Locked Accounts - All Events
This report details password attacks on locked/disabled/expired accounts.

Attacks: Password: Restricted Times - All Events
This report details all events that indicate login failures at restricted times - the hosts are specifically configured to disallow access at these hours.

Attacks: RPC Services - Top Event Types
This report ranks attacks on RPC based applications.

Attacks: SANS Top 20 - Top Event Types
This report ranks the attacks that have been included in SANS Top 20 list.

Attacks: SNMP - Top Event Types
This report ranks SNMP based attacks over the past hour.

Attacks: Uncommon or Anomalous Traffic - Top Event Types
This report ranks the events that represent uncommon or anomalous traffic. Uncommon traffic involves ICMP types and TCP/IP options not in common usage or standard traffic on non-standard ports. Anomalous traffic includes traffic that violates IETF or other well known protocol specifications.

Attacks: Virus/Worms - Top Sources
This report ranks addresses that are the source of virus/worm propagation attempts.

Attacks: Web Server/App - Top Event Types
This report ranks attacks on web servers or applications built on top of web servers over the past hour.

Configuration Changes: Network - All Events
This report details all the configuration changes in network devices.

Configuration Changes: Network - Top Event Types
This report summarizes configuration changes to network devices such as firewalls, routers and switches over the past hour.

Configuration Changes: Server - All Events
This report details all configuration changes on hosts (reported by OS or Host IDS agents).

Configuration Changes: Server - Top Event Types
This report summarizes configuration changes to servers over the past hour.

Configuration Changes: Server - Top Reporting Devices
This report summarizes the configuration changes per server over the past hour.

Configuration Issues: Network - All Events
This report lists details for events that indicate configuration errors on network devices.

Configuration Issues: Network - Top Reporting Devices
This report summarizes the events that may indicate certain configuration related problems in network devices such as firewalls, routers and switches.

Configuration Issues: Server - All Events
This report lists details for all events that indicate configuration errors on hosts or host applications.

Configuration Issues: Server - Top Reporting Devices
This report summarizes the events that may indicate certain configuration related problems in servers. These are likely to be Host IDS events.

Connectivity Issue: IOS IPS DTM - All Events
This report lists connectivity issues between CS-MARS and IOS IPS devices. Connectivity issues may prevent CS-MARS from turning on ACTIVE signatures on IOS IPS.

Detailed NAC Report
Detailed NAC Report

Operational Issues: Network - All Events
This report lists details about all operational issues on network devices.

Operational Issues: Network - Top Reporting Devices
This report summarizes the events that may indicate operational issues with network devices such as routers, firewalls and Network IDS systems.

Operational Issues: Server - All Events
This report lists details about events that indicate operational errors on hosts or host applications.

Operational Issues: Server - Top Reporting Devices
This report summarizes the events that may indicate operational issues with servers.

Resource Issues: CS-MARS - All Events
This report lists event details for all events related to resource issues with the CS-MARS device, e.g. dropped events or netflow, etc.

Resource Issues: IOS IPS DTM - All Events
This report lists event details that indicate certain IOS IPS routers running low on memory for CS-MARS Distributed Threat Mitigation (DTM). Because of low memory, CS-MARS may not be able to download and activate the complete set of ACTIVE IPS signatures to those IOS IPS devices.

Resource Issues: IOS IPS DTM - Top Devices
This report lists IOS IPS routers that are running low on memory for CS-MARS Distributed Threat Mitigation (DTM). Because of low memory, CS-MARS may not be able to download and activate the complete set of ACTIVE IPS signatures to IOS IPS devices.

Resource Issues: Network - All Events
This report lists event details for all events related to resource issues on network devices such as IDS, routers, firewalls etc.

Resource Issues: Network - Top Reporting Devices
This report summarizes the events that represent resource issues with network devices such as firewalls, routers and switches.

Resource Issues: Server - All Events
This report lists event details for all resource issues on hosts. These are reported by Host IDS or Operating System logs.

Resource Issues: Server - Top Reporting Devices
This report summarizes the events that represent resource issues with servers. These are likely to be Host IDS events.

Resource Utilization: Bandwidth: Inbound - Top Interfaces
This report ranks the inbound bandwidth utilization of the interfaces on the devices managed by PN-MARS.

Resource Utilization: Bandwidth: Outbound - Top Interfaces
This report ranks the outbound bandwidth utilization of interfaces on devices managed by PN-MARS.

Resource Utilization: CPU - Top Devices
This report ranks the CPU utilization of the devices managed by PN-MARS.

Resource Utilization: CS-MARS - All Events
This report lists event details for all events related to CS-MARS resource utilization, e.g. database partitions, etc.

Resource Utilization: Concurrent Connections - Top Devices
This report ranks the number of concurrent connections established through the devices managed by PN-MARS.

Resource Utilization: Errors: Inbound - Top Interfaces
This report ranks the inbound interfaces of the devices managed by PN-MARS by error rate.

Resource Utilization: Errors: Outbound - Top Interfaces
This report ranks the outbound interfaces of the devices managed by PN-MARS by error rate.

Resource Utilization: Memory - Top Devices
This report ranks the memory utilization of the devices managed by PN-MARS.

Priveon, Inc.

Today's complex security and networking solutions require a great deal of knowledge to successfully support and operate. Priveon uses the field experience of its expert staff to develop and maintain a positive reinforcement loop between business practices and to provide the latest information to our customers. The information posted here is supported by Priveon subject-matter experts.
