Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
201202203204205206207208209210
3-142
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 3: Respond to Threats
15. Add or remove an alert:
Add an alert by selecting it in the Available Alerts list and clicking the >> button to
move it to the Selected Alerts list.
If the alert you want does not exist, you can create it as explained in “Subtask: Create
a Non-ProCurve Security Devices Alert” on page 3-123. Note that you can specify
multiple alerts.
Remove an alert by selecting it in the Selected Alerts list and clicking the << button.
16. Click the Actions tab.
Figure 3-152. PCM+ <policy> > Actions Window
17. In the Available Actions list, select the action that you want the policy to execute when the
configured alert is received and click the >> button to move the action to the Selected
Actions list. In the example, you could select MAC Lockout, Disable port, Rate limit, and
Quarantine VLAN. If the action you want is not in the Available Actions list, you can create
it as explained in “Task: Configure Non-ProCurve Security Devices Alerts in PCM+” on
page 3-120.
Note that you can specify multiple actions. If you have multiple actions, they are performed
in the order in which they are listed in the Selected Actions list. You can click Move Up and
Move Down to rearrange the order of the actions.
Note The action is applied as soon as the policy is executed. If you are running IDM (and have not
specifically disabled IDM-NIM integration), IDM will reapply this action to the user should the
user attempt to connect to another switch port or AP.