We use Microsoft Forefront for our Antivirus/antispyware in our organization. I would like to create a custom package/event/device in MARS. I would like to have the ability for MARS to see if there is a virus infection or if it's spreading inside our network.
I've been talking with our server admin, and he says that the Forefront program logs everything to a SQL database and probably can export syslog info.
I've looked through the MARS documentation (v 6.02) and have the 2 Cisco MARS books, but I find it's still complicated.
Any help would be appreciated.