08-07-2007 02:46 PM - edited 03-09-2019 06:33 PM
Hi,
We have Host based IPS Balck ICE and we are tring to log alerts into MARS.
Is there any way to do this.
Thanks in advance
Aniruddha
08-08-2007 02:37 AM
Hello Aniruddha,
the best way is to search on ISS side:
http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_alp.php
or open there a question.
ISS is now supported from Siemens and Black ICE will be end of support next year
regards
Klaus
08-08-2007 05:14 AM
AFAICT, it isn't supported directly. MARS does support ISS RealSecure 6.5 and 7.0, but those products are in a different solution space...so the events they emit are likely to be different. You can create custom parsers for MARS, you'll have to figure out whether:
1) BlackICE can send events to MARS via syslog or SNMP
2) whether you can get the format of the messages and a complete list of them
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide