0 Replies. Latest reply: Jul 2, 2013 11:52 AM by flyingunicorn

    Can NTBA initiate active session blocking on McAfee IPS?

    flyingunicorn

      Hi,

      We are currently installing the NTBA software and have integrated it into the NSM. Both are in version 7.5.

      First step for reporting and alerting.

      Next should be a bit more advanced.

      Besides the analysis, correlations and forensics I would like to have an active integration between NTBA and IPS.

      This means that in particular situations the NTBA shall alert and send a command to the IPS which tells it to block the suspicious sessions between a sender and destination, based on the bad reputation of the sender address.

      E.g. in case the NTBA detects an unusually high number of drive mappings initiated by one IP, it should alert the admins and the IPS shall block the communication.

      All these communications are internal within a WAN.

      Does somebody know whether this is possible and, if yes, which document I have to look in?

      Thanks in advance

      FlyingUnicorn

      Message edited by flyingunicorn on 02.07.13 11:52:32 CDT