Showing results for 
Search instead for 
Did you mean: 
Level 7

Can HIPS trigger an event when an IPS/Firewall Policy is breached?

I can already detect when a user tries to access the Internet when they are not connected to our company LAN or VPN through a firewall rule - but I would like to be able to trigger an action when such an event is detected. Specifically, I would like to run a script or an executable file.

I recently spoke to McAfee support and they confirmed that there is no way that an action can be triggered when a firewall policy is breached. However, I still believe that there is a way to acheive this - maybe through the use of IPS custom signatures.

Could someone confirm whether this is the case? And if so, if there is a good resource for learning how to write such a custom IPS signature (I am already aware of the official McAfee document dedicated to this).

Thanks in advance.

0 Kudos