The main target of M-ICE is host-based ID systems, but it can also interoperate with other IDS architectures as long as they use the open and standardized message format IDMEF. The main goal of M-ICE is to fit every infrastructure and to be highly adaptable. M-ICE basically consists of only three daemons that can be customized by loading binary modules to fulfill all needed tasks and more.
Modules can be used to:
- Filter log-data (client)
- Pseudonymize log-data (client)
- Put raw log-data in a more usable format (client)
- Decode packages sent by other M-ICE components
- Store log-data/alerts in a database
- Analyze data - manage detected alarms
- Execute reactions (client, or elsewhere)
All parts of M-ICE can be installed on a single host, or each on a different host in a TCP/IP network. This gives an administrator the freedom to handle different needs by using only one system. At the moment M-ICE is not ready for use in a production environment.