Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
424
Views
0
Helpful
1
Replies

MARS Custom Package Help

daniel.litwin
Level 1
Level 1

‎03-05-2009 12:35 PM

We use Microsoft Forefront for our Antivirus/antispyware in our organization. I would like to create a custom package/event/device in MARS. I would like to have the ability for MARS to see if there is a virus infection or if it's spreading inside out network.

I've been talking with our server admin, and he says that the Forefront program logs everything to a SQL database and probably can export syslog info.

I've looked through the MARS documentation (v 6.02) and have the 2 Cisco MARS books, but I find it's still complicated.

Any help would be appreciated.

Dan

Labels:
0 Helpful
1 Reply 1

daniel.litwin
Level 1
Level 1

‎03-12-2009 11:06 AM

Ok. After talking with my server guy, I found out that the Forefront app just logs everything to Microsoft Operations Manager 2005 (MOM 2005).

So now the issue becomes how to get MARS to grab logs from MOM.

Anyknow know?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents