No announcement yet.

MARS - drop rule - false positive Question

  • Filter
  • Time
  • Show
Clear All
new posts

  • MARS - drop rule - false positive Question

    Hi everybody,

    I wanted to ask whether someone tried to create drop rule (false positive) on MARS with keyword feature.

    I know that creating normal rule to display some data I can use keywords, but when I tried to do sth similar with drop rules I couldn't.

    The problem is that Ive got ASA integrated with MARS, and on ASA every 10 min "show failover" and then "disable" command is being executed. MARS receives its log and interprets it as

    "Firewall user entered a command other than show" - (incident generated)

    so thats why I wanted to create false positive with drop rule.

    Has anyone got any idea how to solve it?

    best regards