Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
5
Helpful
2
Replies

Black ICE logging into MARS

ab_parkhi
Level 1
Level 1

‎08-07-2007 02:46 PM - edited ‎03-09-2019 06:33 PM

Hi,

We have Host based IPS Balck ICE and we are tring to log alerts into MARS.

Is there any way to do this.

Thanks in advance

Aniruddha

Labels:
0 Helpful
2 Replies 2

ksimsimon
Level 1
Level 1

‎08-08-2007 02:37 AM

Hello Aniruddha,

the best way is to search on ISS side:

http://iss.custhelp.com/cgi-bin/iss.cfg/php/enduser/std_alp.php

or open there a question.

ISS is now supported from Siemens and Black ICE will be end of support next year

regards

Klaus

0 Helpful

mhellman
Level 7
Level 7

‎08-08-2007 05:14 AM

AFAICT, it isn't supported directly. MARS does support ISS RealSecure 6.5 and 7.0, but those products are in a different solution space...so the events they emit are likely to be different. You can create custom parsers for MARS, you'll have to figure out whether:

1) BlackICE can send events to MARS via syslog or SNMP

2) whether you can get the format of the messages and a complete list of them

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents