Manualshelf

HP ProCurve Threat Management Solution Design Guide 2009-04

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
4-13
Design
Background for Planning NIM Policies
The Alert Type you select determines the settings you can configure for the alert. For example,
if you select the ProCurve Security Devices Alert, you can create an alert based on:
Severity level of the threat
Signature ID
Signature sub-ID
Signature name
Trap source IP address
Trap text
Other alert types allow you to define different settings such as the number of times an event
occurs before an alert is triggered.
Note that a single event type can be the basis of several different alerts. For example, you can
change the frequency: that is, the number of times the event must occur before the alert is
triggered. Customizing alerts in this way allows you to match conditions in different parts of
your network.
Actions
Actions are responses that you can make to threats on your network. Again, NIM provides
some predefined actions and allows you to define new actions.You define an action by selecting
an action type and giving it a name. For example, you might define an action called “MAC lock”
by selecting the MAC lockout action type, and you could use that action to lock a device out
of your network according to its MAC address.
To define an action, select Actions in the navigation tree on the Policy Manager window, as
shown in Figure 4-7.
Figure 4-7. Policy Manager > Actions Window