Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
281282283284285286287288289290
4-73
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 2: Detect Threats
Signature ID, Signature Sub-ID, or Signature Name—Configure one or more of these
settings to trigger the alert if an event matches or does not match a particular signature.
(For steps on accessing the signatures, see “Subtask: View, Disable, or Enable Signa-
tures” on page 4-52.) Select one of the following:
Matches
Not matches
Contains
Not contains
Then type the signature ID, sub-ID, or signature name in the box provided.
Trap source IPConfigure this setting if you want the alert to trigger if an SNMP trap
originates from a particular device. For example, you might enter the IP address of
VLAN 2 on the TMS zl Module, such as 10.1.2.6.
Trap text—Configure this setting if you want the alert to trigger if an SNMP trap contains
a particular word or phrase.
6. Configure occurrences and time period settings for the alert.
a. For Number of Events, type a number.
b. For Time period, type the length of time during which the number of events must occur
before the alert is triggered.
7. Optionally, override event severity.
8. Click Apply.
9. Click Close.
Subtask: Create a ProCurve Security Devices Alert
In addition to configuring the default ProCurve Threat Management Services Alert, you can
create new alerts for TMS-related events. This allows you to customize how NIM responds to
different types of events.
Complete the following steps:
1. If Policy Manager is not already open, click Tools > Policy Manager.
2. In the navigation tree, click the arrows next to Alerts and Security.
3. In the navigation tree, select ProCurve Security Devices.
4. In the right pane, click the New button. The Create Alert window is displayed.
5. Under Select the Alert type to create, select Security:ProCurve Security Devices Alert.
6. For Name, type a name that is meaningful to you. For example, you might type TMS Alert.
7. Optionally, type a description of the alert in the Description text box.