HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
iv. Select the Alert Interval check box and set a value, in seconds.
Figure 3-42. Specifying an Alert Interval in the Edit Signature Window
Note that green check marks identify the entries you selected.
v. Click OK.
vi. Click Apply.
6. Configure the event action rules, which control the sensor’s response to events on the
network and allow you to tune the sensitivity of that response.
Each security event that the sensor detects carries a risk rating (High, Medium, or Low) that
quantifies the risk associated with that event. Similarly, each action is associated with a
risk rating. An action is carried out when an event occurs whose risk rating falls within
the rating associated with that action.
In the example network, the sensor was set up to detect TCP SYN Port Sweep events
(signature 3002) that carry a risk rating of Low. By default, the Deny Packet Inline action
configured in the example acts only on events with risk ratings of Medium or High, so a
TCP SYN Port Sweep would not ordinarily trigger the Deny Packet Inline action.
You can adjust the sensitivity of the risk rating so that a TCP SYN Port Sweep, with its risk
rating of Low, will trigger the action. You do this using event action overrides as explained
in the following steps:
a. If necessary, click Event Action Rules in the navigation bar to open the list of event action
rules policies.
b. Select an Event Action Rules policy to edit.
c. In the right pane, click the Event Action Overrides tab.
d. Make sure the Use Event Action Overrides check box is selected.
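The following is an added example, not part of the guide or of the sensor's software. It models the High/Medium/Low scheme described in step 6 to show what changes when the Deny Packet Inline override is widened to Low: under that model every Low-rated event becomes subject to the action, not only signature 3002. The event list, the `SIG-A`/`SIG-B`/`SIG-C` identifiers, and all function names are constructed for illustration.

```python
# Added illustration: models the guide's High/Medium/Low risk rating scheme.
# It does not talk to a sensor; all names here are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    sig_id: str   # signature identifier
    name: str
    risk: str     # "Low", "Medium" or "High"


def triggered(events, override):
    """Return the events whose risk rating falls within the ratings
    that the override associates with the action."""
    return [e for e in events if e.risk in override]


def newly_affected(events, before, after):
    """Return the events that trigger the action only after the override
    is widened from `before` to `after`."""
    old = set(triggered(events, before))
    return [e for e in triggered(events, after) if e not in old]


# Constructed sample events. Only signature 3002 comes from the guide;
# SIG-A, SIG-B and SIG-C are placeholders.
SAMPLE_EVENTS = [
    Event("3002", "TCP SYN Port Sweep", "Low"),
    Event("SIG-A", "constructed low-risk event", "Low"),
    Event("SIG-B", "constructed medium-risk event", "Medium"),
    Event("SIG-C", "constructed high-risk event", "High"),
]

# Ratings on which Deny Packet Inline acts.
DEFAULT_DENY = frozenset({"Medium", "High"})        # default, per the guide
TUNED_DENY = frozenset({"Low", "Medium", "High"})   # after the override

if __name__ == "__main__":
    for label, override in (("default", DEFAULT_DENY), ("tuned", TUNED_DENY)):
        ids = [e.sig_id for e in triggered(SAMPLE_EVENTS, override)]
        print(f"Deny Packet Inline ({label}): {ids}")
    extra = newly_affected(SAMPLE_EVENTS, DEFAULT_DENY, TUNED_DENY)
    print("Newly denied after override:", [e.sig_id for e in extra])
```

Comparing the two sets before applying the change shows which other Low-rated signatures would also start being denied inline.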