MARS Custom Package Help

Unanswered Question
Mar 5th, 2009

We use Microsoft Forefront for our Antivirus/antispyware in our organization. I would like to create a custom package/event/device in MARS. I would like to have the ability for MARS to see if there is a virus infection or if it's spreading inside out network.

I've been talking with our server admin, and he says that the Forefront program logs everything to a SQL database and probably can export syslog info.

I've looked through the MARS documentation (v 6.02) and have the 2 Cisco MARS books, but I find it's still complicated.

Any help would be appreciated.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
daniel.litwin Thu, 03/12/2009 - 11:06

Ok. After talking with my server guy, I found out that the Forefront app just logs everything to Microsoft Operations Manager 2005 (MOM 2005).

So now the issue becomes how to get MARS to grab logs from MOM.

Anyknow know?


This Discussion