Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
111112113114115116117118119120
3-56
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
Figure 3-55. Selecting an Interface for the IDS
3. Set up a virtual sensor.
a. At the bottom of the navigation bar, click the Policies tab.
b. Click IPS Policies.
c. Click Add Virtual Sensor.
d. For Virtual Sensor Name, type a name.
e. Optionally, add a description.
f. Select a promiscuous interface (suitable for IDS monitoring) from the Interfaces list.
Click Assign.
g. Select a signature definition from the Signature Definition Policy menu.
h. Select an Event Action Rule. If you want to use any event action overrides you have
configured, select the Use Event Action Overrides check box. You can also add new event
action overrides by clicking Add and following these steps:
i. Select the risk rating from the Risk Rating menu.
ii. Under the Assigned column, select the check boxes next to the actions you want
to assign to this event action override.
iii. Under the Enabled column, select the check boxes next to the actions you want to
enable.
iv. Click OK.
i. Select an anomaly detection policy.
j. Select the anomaly detection mode (Detect, Inactive, or Learn) from the AD Operational
Mode menu. The default is Detect.