I had a couple of general questions about McAfee's HIPS product.
1. Does it have the ability to inspect unencrypted network traffic (headers, and payload)?
2. Does it have the ability to inspect encrypted (SSL) traffic at the host level prior to it being encyrpted on the wire?
3. Can you create rules based on regular expressions for HIPS? (example similar to what you would do with TCPdump or snort flag based on certain traffic)
Any responses would be very helpful even if you don't know the answer to all 3 questions. If you need more information in order to understand my question(s) please say so and I will reply.
Thanks in advance.
Message was edited by: amcnic1 on 1/14/12 9:08:16 PM CST