Manualshelf

HP ProCurve Threat Management Solution Design Guide 2009-04

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
21222324252627282930
2-15
Concepts
The Security Management Life Cycle
Threat Response
NIM is the primary means for controlling the actions that are taken in response to threats. While
other components in the HP ProCurve Threat Management Solution can also control responses,
NIM provides centralized control over a variety of mitigation actions on devices that PCM+
has discovered.
NIM allows you to create actions—threat responses that NIM will take—to be performed when
certain alerts are triggered. As you configure actions, you are applying the policies that you
established in the first phase of the security management life cycle.
For example, you could create an action called “Block threat source” with an action type of
“MAC Lockout,” and then assign the “Block threat source” action to be performed whenever
an “IP fanout” alert is received.
NIM supports the following actions:
Port shut down
Assignment to quarantine VLAN
MAC lockout
Rate limiting
Port mirroring
Command script execution on the PCM+/NIM server
Email notification
Message in a dialog box
Logging