HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
Figure 3-52. Viewing Events in the Cisco IPS 4200 Series Sensor
c. Verify that PCM+ sees the events. The PCM+ event log includes events the sensor
forwarded as SNMP traps.
i. Return to the PCM+ management interface.
ii. Select the device or group in the navigation tree where you expect to see events
from the sensor.
iii. Click the Events tab in the right pane. This displays the PCM+ event log.
Your event will be in the log (as long as you specified an action of Request SNMP
Trap in the signature definition and set an appropriate risk rating range in the event
action override).
Given the number of events that PCM+ logs, knowing the time the event occurred
on the sensor will help you to locate it. (Note that this is possible during testing,
but not in normal operation.) In addition, the Event ID reported in the sensor’s event
log is passed to PCM+ in the SNMP trap. You can find the event quickly by entering
the Event ID (or just the last few digits of it) in the Description field in the Filters
section of the PCM+ event log.