Network intelligence

Question

Does XG currently have any ability to receive network intelligence reports from internal hosts? If our internal netscaler/OWA/SSH/etc server was seeing a lot of password guessing attempts from a given source IP, I would like the firewall to start blocking that IP. Basically a distributed fail2ban. 
 XG can block password guess attempts for its own services, but by definition can't reliably tell a failed SSH/SCP/SFTP login attempt from a good one when the service is on the internal network. 
 The API seems to be extensive enough that I could roll my own, but maybe such a thing already exists or is already being worked on for XG? 
 thanks 
 James

lferrara · Answer

James, 
 creating firewall rules in order to block let's say host A from reaching Server B (this is possible if both are on different LAN managed and filtered by XG) can be achieved using API. 
 This can be generated from your own IDS systems as a script where it catches the source IP and then using variables launches a script that connect to XG and create a firewall rule on the fly. 
 With API you can also delete, turn off/on firewall rules. I did not see something like that on community but a simple get of firewall rules using API will give you the idea on what the XML code is and what it is necessary to change. 
 More info here: 
 http://docs.sophos.com/nsg/sophos-firewall/v16056/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FAppendixGGuides.html%23 
 Feel free to share here your work. 
 Regards