RicheeJJJ_2 Mon, 06/01/2009 - 10:57
User Badges:

yeah. There's a couple ways to do it.

You could add a new device type which would be "add SW security apps on new host", and then the next screen lets you specify it to be a generic web server.

Or you could install snort on the windows server to send SNMP traps to MARS.

Then on MARS add new device and make device type "add SW security apps on new host". From there you can specify that its a snort message that it expects to see.

dragnia_s Tue, 06/02/2009 - 00:47
User Badges:


In the first option what should be configured on the server side?

Will the second option return http logs or specific snort logs? how will it work?



This Discussion