HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 2: Detect Threats
10. Configure settings for triggering the alert:
    Trap OID—By default, the alert can be triggered by any SNMP trap. If you want to limit
    which SNMP traps trigger the alert, configure this setting.
    Severity—Configure this setting if you want to trigger an alert based on how critical
    an event is. PCM+ classifies events as follows:
    – Informational
    – Warning
    – Minor
    – Major
    – Critical
    Select one of the following and then select the severity level of the event:
    – Equal to
    – Not equal to
    – Greater than
    – Less than
    For example, you might want to trigger the alert only if the event is a warning level or
    higher. In this case, you would select Greater than and then select Warning.
    Signature ID, Signature Sub-ID, or Signature Name—Configure one or more of these
    settings to trigger the alert if an event matches or does not match a particular signature.
    Select one of the following:
    – Matches
    – Not matches
    – Contains
    – Not contains
    Then type the signature ID, sub-ID, or signature name in the box provided.
    Trap source IP—Configure this setting if you want the alert to trigger if an SNMP trap
    originates from a particular device. For example, you might enter the IP address of the
    TMS zl Module, such as 10.1.1.6.
    Trap text—Configure this setting if you want the alert to trigger if an SNMP trap contains
    a particular word or phrase.
11. Configure occurrences and time period for the alert.
a. For Number of events, type a number.
b. For Time period, type the length of time during which the number of events must occur
before the alert is triggered.
12. Optionally, override event severity.
13. Click Apply.
14. Click Close.
You might need to experiment with the Number of events and Time period options before you
configure actions for this alert. If you set these options too low, the normal operation of devices
might trigger the alert.
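
The effect of the Number of events and Time period options on a filtered trap stream, as an added example that is not part of this guide and is not PCM+ code. It assumes a sliding window that is cleared after each alert, a strict severity comparison in the order listed in step 10, and constructed trap data (10.1.1.9 is a made-up second device).

```python
from collections import deque

# Severity order as listed in the guide, lowest to highest.
SEVERITIES = ["Informational", "Warning", "Minor", "Major", "Critical"]

def matches(event, rule):
    """Step 10 filters; a filter absent from the rule matches any trap."""
    if "severity" in rule:
        op, level = rule["severity"]
        a, b = SEVERITIES.index(event["severity"]), SEVERITIES.index(level)
        ok = {"Equal to": a == b, "Not equal to": a != b,
              "Greater than": a > b, "Less than": a < b}[op]
        if not ok:
            return False
    if "source_ip" in rule and event["source_ip"] != rule["source_ip"]:
        return False
    return True

def alert_times(events, rule, number_of_events, time_period):
    """Times (seconds) at which the alert fires. Assumption: a sliding
    window that is cleared each time the alert fires."""
    window, fired = deque(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        if not matches(ev, rule):
            continue
        window.append(ev["time"])
        while ev["time"] - window[0] >= time_period:
            window.popleft()
        if len(window) >= number_of_events:
            fired.append(ev["time"])
            window.clear()
    return fired

def trap(time, severity, source_ip="10.1.1.6"):
    """Build one constructed trap event."""
    return {"time": time, "severity": severity, "source_ip": source_ip}

# Constructed sample: isolated Minor traps (normal operation), one Informational
# trap, one trap from another device, then a burst of Major traps.
EVENTS = ([trap(t, "Minor") for t in (0, 400, 800, 1200)]
          + [trap(100, "Informational"), trap(1502, "Critical", "10.1.1.9")]
          + [trap(t, "Major") for t in (1500, 1505, 1510, 1515, 1520)])
RULE = {"severity": ("Greater than", "Warning"), "source_ip": "10.1.1.6"}

if __name__ == "__main__":
    for n, period in ((1, 60), (5, 60)):
        print(n, period, alert_times(EVENTS, RULE, n, period))
```

With Number of events set to 1, every isolated Minor trap raises the alert; with 5 events in 60 seconds, only the burst does.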