Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
508
Views
5
Helpful
2
Replies

Black ICE logging into MARS

ab_parkhi
Level 1
Level 1

‎08-07-2007 02:46 PM - edited ‎03-09-2019 06:33 PM

Hi,

We have Host based IPS Balck ICE and we are tring to log alerts into MARS.

Is there any way to do this.

Thanks in advance

Aniruddha

Labels:
0 Helpful
2 Replies 2

ksimsimon
Level 1
Level 1

‎08-08-2007 02:37 AM

Hello Aniruddha,

the best way is to search on ISS side:

http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_alp.php

or open there a question.

ISS is now supported from Siemens and Black ICE will be end of support next year

regards

Klaus

0 Helpful

mhellman
Level 7
Level 7

‎08-08-2007 05:14 AM

AFAICT, it isn't supported directly. MARS does support ISS RealSecure 6.5 and 7.0, but those products are in a different solution space...so the events they emit are likely to be different. You can create custom parsers for MARS, you'll have to figure out whether:

1) BlackICE can send events to MARS via syslog or SNMP

2) whether you can get the format of the messages and a complete list of them

Customers Also Viewed These Support Documents