HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
9. Configure settings for triggering the alert:
• Trap OID—By default, the alert can be triggered by any SNMP trap. If you want to limit
which SNMP traps trigger the alert, configure this setting.
• Severity—Configure this setting if you want to trigger an alert based on how critical
an event is. PCM+ classifies events as follows:
– Informational
– Warning
– Minor
– Major
– Critical
Select one of the following and then select the severity level of the event:
– Equal to
– Not equal to
– Greater than
– Less than
For example, you might want to trigger the alert only if the event is a warning level or
higher. In this case, you would select Greater than and then select Warning.
• Signature ID, Signature Sub-ID, or Signature Name—Configure this setting to trigger the
alert if an event matches or does not match a particular signature. Select one of the
following:
– Matches
– Not matches
– Contains
– Not contains
Then type the signature ID or signature name in the box provided.
• Trap source ID—Configure this setting if you want the alert to trigger if an SNMP trap
originates from a particular device. For example, you might enter the IP address of the
TippingPoint IPS, such as 10.1.1.6.
• Trap text—Configure this setting if you want the alert to trigger if an SNMP trap contains
a particular word or phrase.
10. Configure occurrences and time period settings for the alert.
a. For Number of Events, type a number.
b. For Time period, type the length of time during which the number of events must occur
before the alert is triggered.
11. Optionally, override event severity.
12. Click Apply.
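To see how the step 9 filters and the step 10 Number of Events and Time period threshold combine, the following added example (not HP's code and not part of the guide) models an alert rule in Python. It assumes that all configured conditions must hold together, that severity comparison is strict, and that counting restarts after an alert fires; AlertRule, Trap and the sample traps are constructed for illustration.

```python
import operator
from collections import deque, namedtuple
from dataclasses import dataclass
from typing import Optional

# Severity levels in the order the guide lists them (assumed ascending).
# Strict comparison is an assumption; confirm boundary handling in PCM+.
SEVERITIES = ["Informational", "Warning", "Minor", "Major", "Critical"]
SEV_OPS = {"Equal to": operator.eq, "Not equal to": operator.ne,
           "Greater than": operator.gt, "Less than": operator.lt}
SIG_OPS = {"Matches": lambda v, p: v == p, "Not matches": lambda v, p: v != p,
           "Contains": lambda v, p: p in v, "Not contains": lambda v, p: p not in v}

Trap = namedtuple("Trap", "ts source severity signature")  # hypothetical record

@dataclass
class AlertRule:  # hypothetical model of the step 9 and step 10 settings
    sev_op: str
    sev_level: str
    sig_op: str
    sig_value: str
    source: Optional[str]   # Trap source ID, None = any device
    number_of_events: int
    time_period: float      # seconds

    def matches(self, t: Trap) -> bool:
        rank = SEVERITIES.index
        return ((self.source is None or t.source == self.source)
                and SEV_OPS[self.sev_op](rank(t.severity), rank(self.sev_level))
                and SIG_OPS[self.sig_op](t.signature, self.sig_value))

    def fire_times(self, traps):
        window, fired = deque(), []
        for t in sorted((x for x in traps if self.matches(x)), key=lambda x: x.ts):
            window.append(t.ts)
            while t.ts - window[0] > self.time_period:
                window.popleft()          # drop events older than the time period
            if len(window) >= self.number_of_events:
                fired.append(t.ts)
                window.clear()            # assumed: counting restarts after an alert
        return fired

# Constructed sample traps; 10.1.1.6 is the guide's example IPS address.
SAMPLE = [Trap(0, "10.1.1.6", "Major", "Constructed-Sig-A"),
          Trap(10, "10.1.1.99", "Critical", "Constructed-Sig-A"),
          Trap(20, "10.1.1.6", "Informational", "Constructed-Sig-A"),
          Trap(30, "10.1.1.6", "Critical", "Constructed-Sig-A"),
          Trap(70, "10.1.1.6", "Minor", "Constructed-Sig-A"),
          Trap(80, "10.1.1.6", "Major", "Constructed-Sig-B"),
          Trap(85, "10.1.1.6", "Major", "Constructed-Sig-A")]
```

With three events in 60 seconds the sample fires once, at the last trap; lowering Number of Events to two makes the same traffic fire twice, which is the trade-off to weigh when tuning the threshold against a noisy IPS.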
Subtask: Edit or Delete a Non-ProCurve Security Devices Alert
You can edit an alert by completing the following steps:
1. Open Policy Manager by clicking Tools > Policy Manager.
2. In the navigation tree, click the arrow next to Alerts, Security, and Non-ProCurve Security
Devices and then select the alert.
3. Click the Configuration tab and change alert settings as needed.
4. Click Apply.
5. Click Close if you do not need to make any other configuration changes in Policy Manager.