McAfee IntruShield IPS
Version : McAfee IntruShield Security Manager Version 4.1 and later.
Netsurion Open XDR supports McAfee IntruShield IPS and it can be configured to send syslog to Netsurion Open XDR.
Netsurion Data Source Integrations for McAfee IntruShield IPS allows you to monitor following:-
- Monitoring multiple attacks and policy violation.
- Monitoring Signature detection and prevention.
- Monitoring Denial of Service(DoS) detection and prevention
- Monitoring IPS and internal firewall.
Once logs are received into Netsurion Open XDR, alerts and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | McAfee IntruShield IPS – Brute-force | This alert is generated when brute force attack occurs. |
| Security | McAfee IntruShield IPS – BACKDOOR attack | This alert is generated when BACKDOOR attack occurs. |
| Security | McAfee IntruShield IPS – Back Orifice trojan | This alert is generated when back orifice trojan is detected. |
| Security | McAfee IntruShield IPS – Exploit | This alert is generated when exploitation attack occurs. |
| Security | McAfee IntruShield IPS – Fingerprinting | This alert is generated when fingerprinting attack occurs. |
| Security | McAfee IntruShield IPS – FTP login alert | This alert is generated when FTP login occurs. |
| Security | McAfee IntruShield IPS – Host sweep | This alert is generated when host sweep event occurs. |
| Security | McAfee IntruShield IPS – MSSQL user login failed | This alert is generated when MSSQL user login failure occurs. |
| Security | McAfee IntruShield IPS – NBTSTAT scan | This alert is generated when NBTSTAT scan occurs. |
| Security | McAfee IntruShield IPS – Port-scan | This alert is generated when port-scan activity occurs. |
| Security | McAfee IntruShield IPS – RADIUS attack | This alert is generated when RADIUS attack occurs. |
| Security | McAfee IntruShield IPS – SITE EXEC exploit | This alert is generated when SITE EXEC exploit occurs. |
| Security | McAfee IntruShield IPS – SMTP worm spread via attachment | This alert is generated when SMTP worm spreads by attachment. |
| Security | McAfee IntruShield IPS – SQL system alert | This alert is generated when SQL system activity occurs. |
| Security | McAfee IntruShield IPS – Telnet login Brute force | This alert is when generated telnet login occurs by brute force. |
| Security | McAfee IntruShield IPS – Virus/worm file share spread | This alert is generated when virus/worm is spread by shared file. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | McAfee Intrushield – IPS attack detail report | This report provides information related to intrusion attacks which includes attack name,attack source,attack destination,attack category,attack severity and attack status fields. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, and McAfee IntruShield IPS,IntruShield Security Manager Version 4.1 and later.
Download Integration Guide for configuration instructions and more information.