I can already detect when a user tries to access the Internet when they are not connected to our company LAN or VPN through a firewall rule - but I would like to be able to trigger an action when such an event is detected. Specifically, I would like to run a script or an executable file.
I recently spoke to McAfee support and they confirmed that there is no way that an action can be triggered when a firewall policy is breached. However, I still believe that there is a way to acheive this - maybe through the use of IPS custom signatures.
Could someone confirm whether this is the case? And if so, if there is a good resource for learning how to write such a custom IPS signature (I am already aware of the official McAfee document dedicated to this).
Thanks in advance.