I have been trying to figure out if the IPS can find out if a computer is part of a certain Domain and if so block it.
I have setup where I want a PC from domain
Workgroup\PCNAME to be blocked or at least logged by the IPS. I currently use multple TCP, UDP, and uri functions but I have never tried to look up the domain of a PC. If anyone has tried this or if it is not even possible I would like to know. I know a NAC solution would work but we don't have that at this moment.
Thank you for any help.