Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
231232233234235236237238239240
4-24
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 1: Establish a Policy
Setting the sensitivity can potentially affect the number of false positives and false negatives
NIM reports. If you set the sensitivity too high, NIM might identify more false positives, and if
you have configured actions for the events, you might shut out traffic that does not actually
pose a threat to your network. On the other hand, if you set the sensitivity too low, you risk
false negatives. That is, NIM might not be able to detect an actual threat.
To adjust event sensitivities, complete the following steps:
1. Open the Agent Manager window by completing one of the following:
Click Tools > Agent Manager.
or
•Click the Agent Manager icon in the toolbar.
2. Click the NIM tab in the right pane.
3. Click Configuration.
4. Select a threat type in the navigation tree of the NIM Configuration window.
5. Click the Monitoring tab.
6. Adjust the sensitivity of the monitoring by selecting a number from the Analysis Sensitivity
list. A lower number decreases sensitivity; a higher number increases it.
Figure 4-22. NIM Configuration > <IP Address Spoofing> Monitoring Window
7. For each event that you want to monitor, make sure that the Enable Security Monitoring
option is selected. You can prevent monitoring of a threat type by selecting it in the list on
the left and then clearing this option.
8. Click Close.