McAfee IntruShield IPS

Version: McAfee IntruShield Security Manager version 4.1 and later.

Netsurion's Open XDR platform supports McAfee IntruShield IPS, which can be configured to send syslog to the platform.

Netsurion Data Source Integrations for McAfee IntruShield IPS allow you to monitor the following:

  • Multiple attacks and policy violations.
  • Signature detection and prevention.
  • Denial of Service (DoS) detection and prevention.
  • IPS and internal firewall.

Once logs are received by Netsurion's Open XDR platform, alerts and reports can be configured in the platform.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type | Name | Description
Security | McAfee IntruShield IPS - Brute-force | This alert is generated when a brute-force attack occurs.
Security | McAfee IntruShield IPS - BACKDOOR attack | This alert is generated when a BACKDOOR attack occurs.
Security | McAfee IntruShield IPS - Back Orifice trojan | This alert is generated when the Back Orifice trojan is detected.
Security | McAfee IntruShield IPS - Exploit | This alert is generated when an exploitation attack occurs.
Security | McAfee IntruShield IPS - Fingerprinting | This alert is generated when a fingerprinting attack occurs.
Security | McAfee IntruShield IPS - FTP login alert | This alert is generated when an FTP login occurs.
Security | McAfee IntruShield IPS - Host sweep | This alert is generated when a host sweep event occurs.
Security | McAfee IntruShield IPS - MSSQL user login failed | This alert is generated when an MSSQL user login failure occurs.
Security | McAfee IntruShield IPS - NBTSTAT scan | This alert is generated when an NBTSTAT scan occurs.
Security | McAfee IntruShield IPS - Port-scan | This alert is generated when port-scan activity occurs.
Security | McAfee IntruShield IPS - RADIUS attack | This alert is generated when a RADIUS attack occurs.
Security | McAfee IntruShield IPS - SITE EXEC exploit | This alert is generated when a SITE EXEC exploit occurs.
Security | McAfee IntruShield IPS - SMTP worm spread via attachment | This alert is generated when an SMTP worm spreads by attachment.
Security | McAfee IntruShield IPS - SQL system alert | This alert is generated when SQL system activity occurs.
Security | McAfee IntruShield IPS - Telnet login Brute force | This alert is generated when a Telnet login occurs by brute force.
Security | McAfee IntruShield IPS - Virus/worm file share spread | This alert is generated when a virus/worm is spread by a shared file.

Reports

Type | Name | Description
Security | McAfee Intrushield - IPS attack detail report | This report provides information related to intrusion attacks, including the attack name, attack source, attack destination, attack category, attack severity, and attack status fields.

Documentation

The configuration details are consistent with Netsurion Enterprise version 7.X and later, and with McAfee IntruShield IPS, IntruShield Security Manager version 4.1 and later.

Download the Integration Guide for more information.