MARS checkpoint Integration

I have a question about MARS and checkpoint/Nokia integration. I get MARS/Checkpoint LEA to work properly, but I don't get any log data from the checkpoint servers when logging is enabled. I know logging is enabled because I can get the mgmt server to display the logs.
Also, how often does MARS pull the checkpoint logs? I can't find this anywhere in the docs, and if it is pulled via the topology update scheduler, which is only a daily thing at best, then this integration is useless.

Hi,
What version of Checkpoint are you using? I set this up last year with NG AI R55 and it worked straight away. The logs are exported via LEA. You should see active connections (netstat) between the management server and the MARS appliance if things have been configured correctly. You should also be able to see the entries by running a report with raw messages on the MARS. If you provide more detail I might be able to help.
Regards, Joe

Similar Messages

  • Checkpoint Firewall Management Server Lost Identity in MARS

    About a month ago, we added our Checkpoint firewall to MARS as well as the 2 Firewall agents who reported to the device. The devices were recognized and running properly.
    At some point in the last week, the Checkpoint management server lost its identity within MARS. Instead of being recognized as a Checkpoint device, the server is now considered a "Generic Router Version Unknown" via the Device Type.
    The agent firewalls beneath this device still exist as desired, but MARS is no longer recording logs for the primary device.
    I'm ready to remove and recreate the device, but I'm interested to figure out how this could have happened. Nothing in the Audit Trail points to any weird configuration changes.
    I've posted a picture here: http://pixpin.com/viewer.php?file=mars-checkpoint-j1zc.jpg

    It might have to do with bug CSCse03097 - CheckPoint LEA record comes to MARS later and later for better understanding

  • Are there any known problems accessing yahoo e-mails with firefox 8.0?

    Windows XP SP3
    firewall is checkpoint integrity client
    anti virus is avast
    can log on to yahoo and view inbox OK, but when I try to open an e-mail I get the following message:
    Sorry, your session has expired. To protect your account, you need to confirm your password periodically.Sign In Again
    The sign in button does nothing. I can sign out OK, but the problem persists when I log on again.
    This happens with all yahoo e-mail accounts
    Yahoo email works OK running under google chrome. Both browsers have the same proxy settings (system settings).

    Found the answer. When the username is an LDAP DN it needs to be preceded by "dn:".
    example: username="dn:uid=bgbrown,ou=people,dc=siroe,dc=com"
    The server also accepts a simple uid value.
    example: username="bgbrown"

  • GEF4 Setup Error - FXCanvas cannot be resolved to a type

    Hallo,
    I tried to setup the development environment for GEF4, as specified in the GEF Contributor guide, and I found the following error:
    FXCanvas cannot be resolved to a type.
    (see attached file)
    This error is persistent, and it seems I am not able to find a solution although I tried multiple times to set up the environment, as specified in the GEF/GEF4 contributor guide.
    This is the list of steps I followed for the setup
    Check Java 8 (oracle) is installed, that is required by the e(fx)clipse plugin.
    Download Eclipse IDE for Eclipse Committers. In my case: eclipse-committers-mars-R-win32.zip
    Install plugins needed by GEF4, in my case:
    e(fx)clipse - IDE, from http://download.eclipse.org/efxclipse/simrel-contrib/mars/m7/tools/site
    e(fx)clipse - IDE - PDE, from http://download.eclipse.org/efxclipse/simrel-contrib/mars/m7/tools/site
    API Tools Execution Environment Descriptions, from: http://download.eclipse.org/eclipse/updates/4.5-I-builds
    Oomph Version Management, from: http://download.eclipse.org/releases/mars
    Maven Integration for Eclipse (includes Incubating components), from: http://download.eclipse.org/releases/mars
    Clone the GEF4 Git repository and import the projects in the workspace
    Set MARS.target: from org.eclipse.gef4.target project, double click the target definition, wait for the target is fully resolved, and click on "set as target platform".
    Adjust preferences. select Menu > Window > Preferences:
    Java > Compiler > Errors/Warnings: ignore the "Deprecated and restricted API"
    Plug-in Development > Compilers: Ignore the "References to discouraged classes"
    At the end of the setup, I cannot compile the GEF4 project, because "FXCanvas cannot be resolved to a type."
    See image.
    Does anyone have an idea on how to fix this?
    Kind Regards.
    Patrik

    I updated the respective section of the contributor guide to make it even more explicit, why the "Specify Execution Environment for J2SE-1.7 (and optionally J2SE-1.8)" is important. I also saw that the guide still listed the e(fx)clipse 2.0.0 Mars M7 contribution. I updated it to refer to the e(fx)clipse 2.0.0 Mars release. You might want to update your IDE accordingly.

  • Cisco Works Integration with MARS

    Can Cisco Works be integrated with MARS? I mean Cisco Works is acting as a syslog server for some switches. Can MARS pull the records from Cisco Works and use them for its correlation?

    As Michael pointed out, configuring two syslog destinations on your switch is possible, and allows the switch to send to both CiscoWorks and CS-MARS simultaneously. This affords the safety that should one system be down, the other system will continue to receive syslog events from the switches. Should you not wish to configure two logging destinations on your switch, you could configure your switches to send their syslogs to CS-MARS and configure CS-MARS to relay the received syslog messages to CiscoWorks. This option is outlined in the CS-MARS user guide:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgOver.html#wpmkr181270
    Scott

  • An error occurs during discovery checkpoint in Cisco MARS

    Hello,
    I am trying to add checkpoint firewall NGX R65 to Cisco MARS. Certificate was pulled successfully from checkpoint. But discovery doesn't work
    When I start "Discovery" I get the message - "Error occured while discovering device". When I am choosing "View error" I see the message - "There is no Error Log for this Device".
    As I understand this issue doesn't mean ok with discovery.
    Could you tell me what can I see if discovery will be ok?
    Is it obligatory to add route info?
    Is it obligatory to add snmp?
    Which Checkpoint OPSEC should I use for R65? NG AI, NG FP3 or NGX?
    I use NGX.
    I would be grateful if you could help me.
    Thank you in advance

    As long as you just need to collect/analyse logs from your FW you don't have to "Discover" the device. Just click 'Next' and 'Submit' to add device.

  • Can MARS 6.0.5 get logs from CheckPoint NGX 6.5 running in a Cluster?

    Can MARS 6.0.5 get logs from CheckPoint NGX 6.5 running in a Cluster? Active/Standby
    Can MARS 6.0.5 get logs from CheckPoint NGX 6.5?
    Can you use MARS 6.0.5 with CheckPoint NGX 6.5?

    Hi Bryan,
    Yes, you can use MARS with checkpoint. You will need to make the MARS device an OPSEC client and exchange SIC keys with the firewall managers. It's not too hard and there is a pretty decent guide here:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/chCheckPointDevices.html
    I've been using this with R65, R61 and R55 and haven't had any problems with it.
    Let me know if you need a hand.
    Erric

  • CSM 3.1 and CS-MARS 4.3 integration

    Hi, a simple question: does CS-MARS 4.3 integrate with CSM 3.1 only for log to security rules match?
    thank you in advance
    RS

    You are right, CSM and CS-MARS integration is only for log to security rules match. As of now no other functionality is provided.

  • MARS 4.2 and CSAgent 5.1 Integration

    Two questions regarding CSA 5.1 and MARS 4.2.2:
    1. Anybody have any experiences with the integration of MARS and CSA MC? In particular, what types of CSA events did you find were most useful to have trigger an alert to MARS?
    2. Am I correct that there is currently no way to customize the types of alerts in CSA which can trigger an email message or an SNMP trap to a MARS box? I don't see any way to do this under the Alerts section of the Events pull-down menu.
    Thank you in advance!

    To answer my own first question:
    We have added CSA MC to MARS and have CSA MC forward SNMP events to MARS. MARS then discovered all the devices that were reporting to CSA MC automatically. This is a very cool feature when you have version 4.x of MARS and 5.x of CSA.
    I believe the answer to my second question involves using Event Sets to customize the types of alerts in CSA which can trigger an email message or an SNMP trap to MARS.
    I'll post again after testing it. Though if I am mistaken somebody please set me straight.
    Thanks in advance!

  • MARS 5.2.7 integration with ACS 4.1

    Hello
    I cannot find any documentation I can follow to integrate MARS with ACS. I mean I want to use ACS to authenticate user in MARS.
    Any of you know if MARS 5.2.7 has this feature? If yes can please give some info where to find docs?
    Thank you really much
    Best regards Antonello.

    Hi,
    LMS 4.0 no longer integrates with ACS the way that LMS 3.x did. You can still use ACS for authentication in LMS 4.0, but for authorization, each user must have a local account in LMS, and the roles will be assigned using LMS 4.0's new RBAC. Users are defined under Admin > System > User Management > Local User Setup, and roles are defined under Admin > System > User Management > Role Management Setup.
    By default, if a user does not have an account in LMS, they will receive the Help Desk role
    Please check the below link:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/security.html#wp1100379
    Thanks-
    Afroz

  • Help - Symantec Endpoint Manager 11.x - MARS integration

    I'm at a loss here. I have raw messages that, regardless of whether a keyword rule or a custom parser is created to handle them, MARS simply ignores as parsing errors. MARS has built-in support for Symantec AV 10 and lower but nothing for version 11. Is this going to change in the near future, and has anyone else run into this problem and been able to create a custom parser to deal with the messages (specifically Virus Found alerts coming from the endpoint manager)?
    Here is an example of the actual text I am trying to work with.....
    Parsing error or event type unknown: <54>Sep 26 00:37:22 SymantecServer HOSTNAME123: Virus found,Computer name: HOSTNAME123,Source: Real Time Scan,Risk name: EICAR Test String,Occurrences: 1,C:/Documents and Settings/XXXXXX/Desktop/eicar_com.txt,"",Actual action: Cleaned by deletion,Requested action: Cleaned,Secondary action: Quarantined,Event time: 2008-09-26 00:32:54,Inserted: 2008-09-26 00:37:22,End: 2008-09-26 00:32:54,Domain: XXX.local,Group: Global\Sec Servers,Server: HOSTNAME123,User: XXXXXXXX,Source computer: ,Source IP: 0.0.0.0

    I see a previous post that summed it up. There is no support for SEP 11.x in CS-MARS... This is very disappointing. If anyone has any information on making this work via a custom parser please post a reply. I and many others would be most grateful.
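
An added example, not from the thread and not a MARS custom-parser definition: Python that extracts the fields a parser for the "Virus found" line quoted above has to handle, including the unlabeled file path, the empty quoted field and the empty "Source computer" value. The names `parse_sep_event` and `reporting_delay_seconds` are assumptions made for this illustration.

```python
import csv
import re
from datetime import datetime

# The line quoted in the post above, without the "Parsing error ..." prefix
# that MARS put in front of it. Host, user and domain were already redacted there.
SAMPLE = (
    r'<54>Sep 26 00:37:22 SymantecServer HOSTNAME123: Virus found,'
    r'Computer name: HOSTNAME123,Source: Real Time Scan,'
    r'Risk name: EICAR Test String,Occurrences: 1,'
    r'C:/Documents and Settings/XXXXXX/Desktop/eicar_com.txt,"",'
    r'Actual action: Cleaned by deletion,Requested action: Cleaned,'
    r'Secondary action: Quarantined,Event time: 2008-09-26 00:32:54,'
    r'Inserted: 2008-09-26 00:37:22,End: 2008-09-26 00:32:54,'
    r'Domain: XXX.local,Group: Global\Sec Servers,Server: HOSTNAME123,'
    r'User: XXXXXXXX,Source computer: ,Source IP: 0.0.0.0'
)

# Syslog PRI, BSD-style timestamp, the literal "SymantecServer" tag, reporting host.
HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) '
    r'SymantecServer (?P<host>[^:\s]+): (?P<body>.*)$'
)
# "Key: value" token. The colon must be followed by a space or end of token,
# so a path such as "C:/Documents ..." is not mistaken for a key named "C".
FIELD = re.compile(r'^(?P<key>[A-Za-z][A-Za-z ]+):(?: (?P<value>.*))?$')

def parse_sep_event(line):
    """Split one SymantecServer syslog line into header, labeled and unlabeled fields."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not a SymantecServer syslog line")
    pri = int(m['pri'])
    # csv handles the quoted empty field ("") and any quoted value containing commas.
    tokens = next(csv.reader([m['body']]))
    event = {
        "facility": pri >> 3,
        "severity": pri & 7,
        "syslog_time": m['ts'],
        "reporter": m['host'],
        "event": tokens[0],      # first token is the event name, e.g. "Virus found"
        "fields": {},
        "positional": [],        # unlabeled, non-empty tokens such as the file path
    }
    for token in tokens[1:]:
        f = FIELD.match(token)
        if f:
            event["fields"][f['key']] = f['value'] or ""
        elif token:
            event["positional"].append(token)
    return event

def reporting_delay_seconds(event):
    """Seconds between detection on the endpoint and insertion on the server."""
    fmt = "%Y-%m-%d %H:%M:%S"
    seen = datetime.strptime(event["fields"]["Event time"], fmt)
    inserted = datetime.strptime(event["fields"]["Inserted"], fmt)
    return int((inserted - seen).total_seconds())

if __name__ == "__main__":
    ev = parse_sep_event(SAMPLE)
    print(ev["event"], ev["fields"]["Risk name"], ev["positional"])
    print("reporting delay (s):", reporting_delay_seconds(ev))
```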

  • MARS and Qualys vulnerability scanning integration

    What does adding Qualys vulnerability scan data to MARS allow MARS, help MARS to do?
    Does it help MARS identify an alert as a false positive in the context of a host which Qualys says isn't vulnerable OR does it do something else like when the Qualys data is retrieved simply listing each vulnerability as an incident?

    My understanding was that Qualys would inform MARS if a system was really vulnerable or not based on its (the Qualys box) information of the situation.
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgVulAs.html
    Erric

  • Mcafee ePO4 integration into CS-MARS

    Hi,
    CS-MARS Version details - 6.0.6 ( 3368 )
    We have set up ePO4 and CS-MARS correctly as per the Cisco document but CS-MARS does not see any traps coming from the ePO server. SNMPWALK is working fine. I have captured packets from ePO4 using tcpdump but no packets were seen.
    I think I am missing one thing: configuring the SNMP community string to access/read traps on. I have checked all the options, but I didn't find any setting related to that one. I appreciate your assistance on this please. Thanks.

    If you are not seeing any traps coming from ePO4, then you would need to check on ePO4 server itself on why it's not sending snmp traps.
    MARS can only receive snmp traps, and if it's not being sent by the ePO server, there is much that can be done from MARS' perspective.

  • Integrations of other technologies with MARS V. 4.2.8

    What is the status of compatibility and operation ability with MARS V. 4.2.8?
    1-Symantec END-POINT Protection V 11
    2-Cisco CSA MC V5.2
    3-Cisco Clean Access Control Appliance
    4-Cisco Security Manager V3.0.1

    Please have a look at the following links:
    http://www.cisco.com/en/US/products/ps6241/products_device_support_table09186a0080467232.html
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/4.2/release/notes/rn428.html#wp1279164
    I would highly recommend to upgrade to at least ver 4.3.5 or 4.3.4
    Regards
    Farrukh

  • Virgo Tools for Eclipse Luna and Mars

    Hi all,
    I tried to install the Virgo Tools both in Eclipse Luna and in Mars (JEE packages), from this update site:
    "Virgo IDE Releases" - http://download.eclipse.org/virgo/release/tooling
    - Eclipse Virgo Tools 1.0.1.201302270038-RELEASE
    but I got errors (see below).
    Instead all is working well with Kepler.
    Some suggestions?
    Thank you very much.
    Vincenzo
    ================================================
    Cannot complete the install because of a conflicting dependency.
    Software being installed: Eclipse Virgo Tools 1.0.1.201302270038-RELEASE (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201302270038-RELEASE)
    Software currently installed: Eclipse IDE for Java EE Developers 4.5.0.20150621-1200 (epp.package.jee 4.5.0.20150621-1200)
    Only one of the following can be installed at once:
    OSGi System Bundle 3.8.1.v20120830-144521 (org.eclipse.osgi 3.8.1.v20120830-144521)
    OSGi System Bundle 3.10.100.v20150529-1857 (org.eclipse.osgi 3.10.100.v20150529-1857)
    Cannot satisfy dependency:
    From: Eclipse IDE for Java EE Developers 4.5.0.20150621-1200 (epp.package.jee 4.5.0.20150621-1200)
    To: org.eclipse.epp.package.jee.feature.feature.group
    Cannot satisfy dependency:
    From: EPP Java EE IDE Feature 4.5.0.20150621-1200 (org.eclipse.epp.package.jee.feature.feature.group 4.5.0.20150621-1200)
    To: org.eclipse.m2e.feature.feature.group 0.0.0
    Cannot satisfy dependency:
    From: Maven Integration for Eclipse 1.6.0.20150526-2032 (org.eclipse.m2e.core 1.6.0.20150526-2032)
    To: bundle org.eclipse.osgi 3.10.0
    Cannot satisfy dependency:
    From: m2e - Maven Integration for Eclipse (includes Incubating components) 1.6.0.20150526-2032 (org.eclipse.m2e.feature.feature.group 1.6.0.20150526-2032)
    To: org.eclipse.m2e.core
    Cannot satisfy dependency:
    From: Eclipse Virgo Tools 1.0.1.201302270038-RELEASE (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201302270038-RELEASE)
    To: org.eclipse.virgo.ide.manifest.core [1.0.1.201302270038-RELEASE]
    Cannot satisfy dependency:
    From: Eclipse Virgo IDE (Manifest Core) 1.0.1.201302270038-RELEASE (org.eclipse.virgo.ide.manifest.core 1.0.1.201302270038-RELEASE)
    To: bundle org.eclipse.virgo.kernel.artifact 0.0.0
    Cannot satisfy dependency:
    From: Virgo Kernel Artifact Integration 3.6.0.RELEASE (org.eclipse.virgo.kernel.artifact 3.6.0.RELEASE)
    To: package org.eclipse.virgo.nano.serviceability [3.6.0,3.7.0)
    Cannot satisfy dependency:
    From: Virgo Nano Core 3.6.0.RELEASE (org.eclipse.virgo.nano.core 3.6.0.RELEASE)
    To: package org.eclipse.osgi.internal.baseadaptor 0.0.0

    Sorry, I have to correct myself: today I retried with a brand new Mars/JEE+Java8 and a brand new workspace:
    the error is related to missing org.json bundle.
    Cannot complete the install because one or more required items could not be found.
    Software being installed: Eclipse Virgo Tools 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201506260038-SNAPSHOT)
    Missing requirement: Eclipse Virgo IDE (Server Core) 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.runtime.core 1.0.1.201506260038-SNAPSHOT) requires 'bundle org.json 0.0.0' but it could not be found
    Cannot satisfy dependency:
    From: Eclipse Virgo Tools 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201506260038-SNAPSHOT)
    To: org.eclipse.virgo.ide.runtime.core [1.0.1.201506260038-SNAPSHOT]
    seems like Mars/JEE doesn't contain org.json ... which is quite strange ...
    With Mars/JEE+Java7 instead the detailed error is:
    Cannot complete the install because one or more required items could not be found.
    Software being installed: Eclipse Virgo Tools 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201506260038-SNAPSHOT)
    Missing requirement: OSGi Framework Editor UI (Incubation) 0.2.0.201206060754 (org.eclipse.libra.framework.editor.ui 0.2.0.201206060754) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
    Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.0.201212132137 (org.eclipse.libra.framework.editor.ui 0.3.0.201212132137) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
    Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.0.201305070844 (org.eclipse.libra.framework.editor.ui 0.3.0.201305070844) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
    Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.0.201305151323 (org.eclipse.libra.framework.editor.ui 0.3.0.201305151323) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
    Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.0.201305311343 (org.eclipse.libra.framework.editor.ui 0.3.0.201305311343) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
    Missing requirement: OSGi Framework Editor UI (Incubation) 0.3.1.201405141436 (org.eclipse.libra.framework.editor.ui 0.3.1.201405141436) requires 'bundle org.eclipse.zest.core [1.0.0,2.0.0)' but it could not be found
    Cannot satisfy dependency:
    From: Eclipse Virgo Tools 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.feature.feature.group 1.0.1.201506260038-SNAPSHOT)
    To: org.eclipse.virgo.ide.runtime.ui [1.0.1.201506260038-SNAPSHOT]
    Cannot satisfy dependency:
    From: Eclipse Virgo IDE (Server UI) 1.0.1.201506260038-SNAPSHOT (org.eclipse.virgo.ide.runtime.ui 1.0.1.201506260038-SNAPSHOT)
    To: bundle org.eclipse.libra.framework.editor.ui 0.0.0
    With Luna/JEE SR2 instead all is working well, both with Java7 and Java8
    Vincenzo
