Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

More documents

Recommendations

Info

Introducing Host Intrusion Prevention 7.0 Policy tracking and tuning You can reduce the number of false positives by creating exception rules, trusted applications, and firewall rules. • Exception rules are mechanisms for overriding a security policy in specific circumstances. • Trusted applications are application processes that ignore all IPS, Firewall, or Application Blocking rules. • Firewall rules determine whether traffic is permissible, and block packet reception or allow or block packet transmission. Dashboards and queries Dashboards enable you to track your environment by displaying several queries at once. These queries can be constantly refreshed or run at a specified frequency. Queries enable you to obtain data about a particular item and filter the data for specific subsets of that data, for example high-level events reported by particular clients for a specified time period. Reports can be scheduled and sent as an email message. 12 McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0
Managing Your Protection Management of a Host IPS deployment includes monitoring, analyzing, and reacting to activities; changing and updating policies; and performing system tasks. Contents Management of information Management of policies Management of systems Management of information After you have installed Host Intrusion Prevention you can track and report on security issues that arise in your environment. Use the dashboards to get a daily view of the security situation or run queries for detailed information on particular issues. Host IPS activities and dashboards Dashboards, a collection of monitors, are an essential tool for managing your environment. Monitors can be anything from a chart-based query to a small web-application, like the MyAvert Threat Service. You can create and edit multiple dashboards, provided you have the permissions. Use any chart-based query as a dashboard that refreshes at a specified frequency, so you can put your most useful queries on a live dashboard. Host Intrusion Prevention provides a default dashboard with these monitors: • Firewall Status • Host IPS Status • Service Status • Count of IPS Client Rules • Content Versions • Top 10 NIPS Events by Source IP For more information about creating and using dashboards, refer to the ePolicy Orchestator 4.0 documentation. Queries for Host IPS activities Host Intrusion Prevention includes query functionality through ePolicy Orchestrator. You can create useful queries from events and properties stored in the ePO database or use predefined queries. McAfee Host Intrusion Prevention 7.0 Product Guide for use with ePolicy Orchestrator 4.0 13
Page 1 and 2: McAfee Host Intrusion Prevention 7.
Page 3 and 4: Contents Introducing Host Intrusion
Page 5 and 6: Contents Creating firewall rule gro
Page 7 and 8: Introducing Host Intrusion Preventi
Page 9 and 10: Introducing Host Intrusion Preventi
Page 11: Introducing Host Intrusion Preventi
Page 15 and 16: Managing Your Protection Management
Page 25 and 26: Configuring IPS Policies Overview o
Page 27 and 28: Configuring IPS Policies Working wi
Page 45 and 46: Configuring Firewall Policies The F
Page 47 and 48: Configuring Firewall Policies Overv
Page 57 and 58: Configuring Firewall Policies Worki
Page 63 and 64:
Configuring Firewall Policies Worki
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Configuring Application Blocking Po
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Configuring General Policies Workin
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Working with Host Intrusion Prevent
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Index clients (continued) updating
Page 109 and 110:
Index McAfee Default policy (contin
Page 111 and 112:
Index T troubleshooting, Host IPS C
show all

Host Intrusion Prevention 7.0.0 for ePO 4.0 Product Guide - McAfee

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?