HP ProCurve Threat Management Solution Implementation Guide 2009-05
4-76
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 2: Detect Threats
Subtask: Edit or Delete a ProCurve Security Devices Alert
At any time, you can edit or delete alerts using the steps outlined in this section.
Subtask: Edit a ProCurve Security Devices Alert. Complete the following steps:
1. Open Policy Manager by clicking Tools > Policy Manager.
2. In the navigation tree, click the arrow next to Alerts, Security, and ProCurve Security Devices
and then select the alert.
3. Click the Configuration tab and change alert settings as needed.
4. Click Apply.
5. Click Close if you do not need to make any other configuration changes in Policy Manager.
Subtask: Delete a ProCurve Security Devices Alert. Complete the following steps:
1. Open Policy Manager by clicking Tools > Policy Manager.
2. In the navigation tree, click the arrow next to Alerts and Security.
3. In the navigation tree, select ProCurve Security Devices.
4. In the right pane, select the alert and click Delete.
5. Click Yes to confirm the action.
6. Click Apply.
7. Click Close if you do not need to make any other configuration changes in Policy Manager.
Subtask: Exclude Events for ProCurve Security Devices
Before you move on to the next phase in the security management life cycle—“Step 3: Respond
to Threats”—you might want to consider if any devices will trigger a Threat Management
Services event based on their normal behavior.
Every exclusion specifies a threat type, originating device, and target device. To add an
exclusion for a device whose legitimate operation includes actions that the TMS zl Module
might perceive as a threat, complete the following steps:
1. Open the Agent Manager window by clicking Tools > Agent Manager.
2. Click the NIM tab in the right pane.
3. Click the Configuration icon. The Exclusion List is displayed.
4. In the navigation tree, click the arrow next to ProCurve Security Devices to expand the
category.