HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 4: Analyze Events
Task: Use the NBAD Diagnostic Wizard
NIM features a tool designed to help you make sense of and respond to NBAD events. You can
use the NBAD Diagnostic Wizard to identify the possible cause of an NBAD alert and determine
possible solutions. This wizard is especially helpful when you need to quickly resolve an attack
detected by the NBAD engine.
The wizard will guide you through the following steps:
- Identify the threat
- Analyze the threat
- Review suggested action(s)
- Execute the action(s)
1. In the navigation tree, select a group or device and then click the Events tab in the right
panel.
2. Right-click any NBAD event with an origin of NIM and select NBAD Diagnostic Wizard.
3. When the NBAD Diagnostic Wizard opens, click Next to begin.
4. The Identify Threat window is the first to display. It describes the possible causes of the
selected event. Read the description.
Figure 3-154. NBAD Diagnostic Wizard > Identify Threat Window
5. Click Next.
6. The Identify False Positives window describes possible circumstances—other than actual
attacks—that might cause the event. If the event is caused by legitimate network activity,
select the box to identify it as a false positive. This option will allow you to skip the Analyze
threat step.