HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 4: Analyze Events
8. The Suggested Actions window provides suggestions for actions you can take to mitigate
the threat. Select an action or exclude this event from future analysis if it is a false positive.
Some actions require additional information. For example, if you select Rate Limit, you must
specify the rate limit percentage.
Figure 4-83. NBAD Diagnostic Wizard > Suggested Actions
9. Click Next.
10. The Execute Action window describes the action you selected in the previous window. If
the action is satisfactory, click Execute. If it is not, click Back to make different selections,
and then click Execute. When the action completes, click Next.
11. The final window of the wizard shows the action that was taken. The action will be
recorded in the indicated log file. Click Finish to exit the wizard.
If necessary, you can undo actions initiated through the NBAD Diagnostic Wizard. Open the
\server\data\logs\SecurityConfWizard.log file to find the action that completed successfully,
then manually reverse that action.
For example, if you used the wizard to disable a port, manually enable the port.
Task: View Logs and Reports
PCM+ provides a variety of logs and reports that you can use to understand the pattern of threat
activity on your network. Click a column heading to sort the information.
The general event log in PCM+ captures all events that PCM+ sees. It is thorough, but it
can be tedious to wade through all the events.
The summaries in the Security Activity window provide useful snapshots of threat activity,
and you can click the tables and charts to find details on particular devices or offenders.