Integration with McAfee Host Intrusion Prevention

McAfee® Network Security Platform integrates with McAfee® Host Intrusion Prevention version 8.0.

Host Intrusion Prevention is a host-based intrusion prevention system that prevents external and internal attacks on the hosts in the network, thus protecting the services and applications running on them.

Host Intrusion Prevention is now completely integrated with McAfee ePO™ 5.10.0. The Manager uses a McAfee ePO™ extension file to obtain real-time Host Intrusion Prevention events from the McAfee ePO™ server. The extension file (NSPExtension.zip) needs to be downloaded from the Manager and installed on the McAfee ePO™ server using the McAfee ePO™ console. Once the extension file is installed on the McAfee ePO™ console, ensure that the Host Intrusion Prevention extension is also installed on the McAfee ePO™ server. You can use the "Download the ePO extension for the Network Security Manager here" link in the Enable page (Manager > <Admin Domain Name> > Integration > HIP > Enable) to download the NSPExtension.zip extension.

Within the Manager's context, the Host Intrusion Prevention integration functions like a Sensor. In other words, the Manager treats the McAfee ePO™ server running the server portion of the Host Intrusion Prevention software as a special type of Sensor. That is, the Manager receives event information from Host Intrusion Prevention, incorporates these events into its database, and makes them available for further viewing and actions in the Attack Log and reports, like any other Network Security Platform alert.

Configure the Host Intrusion Prevention Sensor in the Manager by providing a name and a shared secret key. You then need to configure that Manager's IP address and the shared secret on the McAfee ePO™ server console as well. Once trust is established, the Host Intrusion Prevention Sensor is displayed in the Device drop-down list of the Manager. You can use the "Add a virtual Host Intrusion Prevention sensor here" link in the Enable page (Manager > <Admin Domain Name> > Integration > HIP > Enable) to begin the process of configuring the Host Intrusion Prevention Sensor in the Manager.

The Host Intrusion Prevention events are displayed in the Attack Log. You can view the alerts by filtering the Host Intrusion Prevention device in the Device column of the Attack Log page.

Note: Only Host Intrusion Prevention IPS events are sent to the Manager.
Note: Quarantine is not applicable to Host Intrusion Prevention events in the Attack Log.

In the case of an MDR pair, alerts are sent to both the active and the standby Manager.