Black ICE logging into MARS

Unanswered Question
Aug 7th, 2007


We have Host based IPS Balck ICE and we are tring to log alerts into MARS.

Is there any way to do this.

Thanks in advance


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
mhellman Wed, 08/08/2007 - 05:14

AFAICT, it isn't supported directly. MARS does support ISS RealSecure 6.5 and 7.0, but those products are in a different solution the events they emit are likely to be different. You can create custom parsers for MARS, you'll have to figure out whether:

1) BlackICE can send events to MARS via syslog or SNMP

2) whether you can get the format of the messages and a complete list of them


This Discussion