McAfee IntruShield IPS

Version: McAfee IntruShield Security Manager Version 4.1 and later.

Netsurion Open XDR supports McAfee IntruShield IPS and it can be configured to send syslog to Netsurion Open XDR.

Netsurion Data Source Integrations for McAfee IntruShield IPS allow you to monitor the following:

  • Monitoring multiple attacks and policy violation.
  • Monitoring Signature detection and prevention.
  • Monitoring Denial of Service (DoS) detection and prevention.
  • Monitoring IPS and internal firewall.

Once logs are received by Netsurion Open XDR, alerts and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|------|------|-------------|
| Security | McAfee IntruShield IPS – Brute-force | This alert is generated when brute force attack occurs. |
| Security | McAfee IntruShield IPS – BACKDOOR attack | This alert is generated when BACKDOOR attack occurs. |
| Security | McAfee IntruShield IPS – Back Orifice trojan | This alert is generated when back orifice trojan is detected. |
| Security | McAfee IntruShield IPS – Exploit | This alert is generated when exploitation attack occurs. |
| Security | McAfee IntruShield IPS – Fingerprinting | This alert is generated when fingerprinting attack occurs. |
| Security | McAfee IntruShield IPS – FTP login alert | This alert is generated when FTP login occurs. |
| Security | McAfee IntruShield IPS – Host sweep | This alert is generated when host sweep event occurs. |
| Security | McAfee IntruShield IPS – MSSQL user login failed | This alert is generated when MSSQL user login failure occurs. |
| Security | McAfee IntruShield IPS – NBTSTAT scan | This alert is generated when NBTSTAT scan occurs. |
| Security | McAfee IntruShield IPS – Port-scan | This alert is generated when port-scan activity occurs. |
| Security | McAfee IntruShield IPS – RADIUS attack | This alert is generated when RADIUS attack occurs. |
| Security | McAfee IntruShield IPS – SITE EXEC exploit | This alert is generated when SITE EXEC exploit occurs. |
| Security | McAfee IntruShield IPS – SMTP worm spread via attachment | This alert is generated when SMTP worm spreads by attachment. |
| Security | McAfee IntruShield IPS – SQL system alert | This alert is generated when SQL system activity occurs. |
| Security | McAfee IntruShield IPS – Telnet login Brute force | This alert is generated when telnet login occurs by brute force. |
| Security | McAfee IntruShield IPS – Virus/worm file share spread | This alert is generated when virus/worm is spread by shared file. |

Reports

| Type | Name | Description |
|------|------|-------------|
| Security | McAfee Intrushield – IPS attack detail report | This report provides information related to intrusion attacks which includes attack name, attack source, attack destination, attack category, attack severity and attack status fields. |

Documentation

The configuration details are consistent with Netsurion Open XDR 7.x and later, and McAfee IntruShield IPS, IntruShield Security Manager Version 4.1 and later.

Download the Integration Guide for configuration instructions and more information.