HP ProCurve Threat Management Solution Implementation Guide 2009-05

3-123

HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS

Step 2: Detect Threats

• Trap source ID—Configure this setting if you want the alert to trigger if an SNMP trap

originates from a particular device. For example, you might enter the IP address of the

TippingPoint IPS, such as 10.1.1.6.

• Trap text—Configure this setting if you want the alert to trigger if an SNMP trap contains

a particular word or phrase.

6. Configure occurrences and time period settings for the alert.

a. For Number of Events, type a number.

b. For Time period, type the length of time during which the number of events must occur

before the alert is triggered.

7. Optionally, override event severity.

8. Click Apply.

Subtask: Create a Non-ProCurve Security Devices Alert

In addition to modifying the default TippingPoint alert, you can create new alerts for Tipping-

Point events. This allows you to customize how NIM responds to different types of events.

Complete the following steps:

1. If Policy Manager is not already open, click Tools > Policy Manager.

2. In the navigation tree, click the arrow icons next to Alerts, Security and Non-ProCurve

Security Devices.

3. Select Non-ProCurve Security Devices.

Figure 3-133. PCM+ Non-ProCurve Security Devices Window in Policy Manager

4. In the right pane, click the New button. The Create Alert window is displayed.

5. Under Select the Alert type to create, select Security:ProCurve NBAD Services Alert.