Do you know any solution (better if open source) to compare IDS and IPS logs in such a way that IDS logs are used to automatically enforce IPS rules? I googled around but all I found was a reference to SnortAlog. Thanks in advance for any hint.
No, because of spoofing. Consider that an IPS blocks automatically every hosts that seems to attack them. Now, as an attacker, I'd spoof all relevant legitimate hosts, and the IPS would block access to them - a wonderful Denial of Service, trademark "self-created". Without a whitelist, you'll even disconnect yourself from your very own hosts, f.e. a DNS server.
Dump the idea of an IPS for the mentioned reasons. Carefully calculate the actual costs of sensibly reading and evaluating the IDS output, and compare it to the marginal security benefits it offers - and most likely you'll end up dumping the IDS as well.
Spoofing is not just limited to host, and you can't create any general whitelist, so "smartness" (whatever this is, since AI isn't developed so far) won't help.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.