AnsweredAssumed Answered

Automating IPS

Question asked by Mike Painter on Aug 29, 2017
Latest reply on Sep 28, 2018 by Manuel Kuback
In short, it would be great if Check Point could interface with a vulnerability scanner to automatically configure IPS rules based off various parameters. Wishful thinking, perhaps?
 
For example, lets say anything with a CVSS of 1-4 is inactive, 5-7 is in detect, and 8-10 is protect. You could then run this against the Confidence and Performance Impact of the IPS rules. Say something is a CVSS of 9, Confidence of IPS rule is Low and Performance High, perhaps it will only be in detect mode and only apply to those machines that are vulnerable. Then, if you choose to override it yourself, you can. Over time, as updates are applied, IPS gets trimmed back automatically, and as new vulnerabilities are discovered, IPS also keeps up.  This would take things to that next level of enabling JUST what you need automatically.
 
Are there any products out there that do this, or has anyone tinkered with the API for this?

Outcomes