So how can we tell MARS about our Custom IPS Signatures? We can create an XML file, with the details of the Custom Sigs, and upload it to MARS, see below....
Using the Service HTTP Engine, with some simple Regex...
I`ve tested the Custom Signature Works..
MARS uses this number to ensure that the Local Controllers are synchronized with the Global Controller.The Event Type attribute value identifies either an existing MARS event type or a new MARS event type.
And we can see the details..
And now MARS will correctly categorize the event when fired by the IPS.
I`ll carry the Custom IPS theme on, in the next article, with how to add more than one Custom Sig at a time, and some troubleshooting.