Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
221222223224225226227228229230
4-12
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 1: Establish a Policy
6. By default, NIM monitors traffic for all NIM events. To check an event, select it in the
navigation tree and click the Monitoring tab in the right pane. The Enable Security Monitoring
check box should be selected.
Figure 4-8. NIM Configuration > <Event> > Monitoring Window
7. If you do not want to monitor a particular type of event, simply clear the Enable Security
Monitoring check box.
You can also configure the sensitivity of the analysis on this window. Configuring these
settings is described later in this chapter.
8. Click Close and then click OK.
Task: View Events
To view the events collected by PCM+ and NIM, complete the following steps:
1. In the PCM+ navigation tree, select an agent group, device group, or device name. (You
might need to expand a folder in the navigation tree.)
2. In the right pane, click the Events tab. Events are displayed as PCM+ and NIM collect them.
Note that the list includes all PCM+ events, not just NIM events. NIM events include NBAD
events, Virus Throttle
TM
(connection rate filtering) events, security-related SNMP traps,
and Policy Manager alerts.
Note that an “origin,” or source, might not be listed for all NBAD events. If the NBAD engine
knows the source of the sFlow traffic that triggered the NBAD engine, that device will be
listed as the source of the NBAD event. If not, no source will be provided.