I am working for a customer implementing MARS 5.3.2 (2764). They have a lot of Windows servers they are receiving events from via SNARE. They would like to be able to execute commands on the servers depending on the event they see. For example, if their UPS system sends a message that the temperature is too hot, they'd like MARS to be able to send a shutdown command to a particular server. Has anyone seen this done and if so can I get a high-level example?
Thanks for any help!!!
No, this is not possible in MARS. The maximum you can do is send a regular/XML-based email and let some other notification system or action system (like BMC Remedy) take care of the Windows action part.
MARS can take responses automatically only on Cisco switches. For other Layer 3 devices like Cisco/Juniper firewalls, it can 'suggest' mitigation commands. In newer versions it has better integration with Cisco Security Manager. But Windows... I don't think so. Maybe others can suggest something more useful.
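The receiving side of the email hand-off described in the reply above, as an added example that is not part of either post and not code from Cisco or BMC: it parses an XML notification email and maps it to a fixed, pre-approved action, so nothing in the message can choose the target or the command. The XML element names, rule name, host names and addresses are constructed assumptions, not the MARS notification schema, and the function only returns the planned action without executing it.

```python
import email
import xml.etree.ElementTree as ET
from email import policy

# Fixed allowlist: (rule name, reporting device) -> (target server, action).
# Target and action come from this table, never from the message content.
PLAYBOOK = {
    ("UPS-Overtemp", "ups-rack3"): ("srv-db01", "shutdown"),
}

# Constructed sample notification; element names are assumptions.
SAMPLE = """\
From: mars@example.test
To: actions@example.test
Subject: MARS incident
Content-Type: text/xml

<notification>
  <rule>UPS-Overtemp</rule>
  <device>ups-rack3</device>
  <severity>high</severity>
</notification>
"""

def extract_xml(msg):
    """Return the first text/xml part of the message as a string, or None."""
    for part in msg.walk():
        if part.get_content_type() == "text/xml":
            return part.get_content()
    return None

def plan_action(raw_message):
    """Return (target, action) for an allowlisted alert, otherwise None."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = extract_xml(msg)
    # Refuse missing XML and any DTD or entity declarations before parsing.
    if body is None or "<!DOCTYPE" in body or "<!ENTITY" in body:
        return None
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    rule = (root.findtext("rule") or "").strip()
    device = (root.findtext("device") or "").strip()
    # Unknown rule/device pairs produce no action at all.
    return PLAYBOOK.get((rule, device))

if __name__ == "__main__":
    print(plan_action(SAMPLE))
```

The From header is not authentication, so the mailbox feeding this handler should accept mail only from the MARS appliance at the transport level.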