HP ProCurve Threat Management Solution Implementation Guide 2009-05
4-107
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 4: Analyze Events
■ The History tab of the Policy Activity window gives details on security policies that have
been triggered.
■ If you are using IDM, you can view users in IDM and see a list of all of the mitigation actions
taken against them.
Event Log. To view the event log, complete the following:
1. In the PCM+ navigation tree, select a group or device. The selected object’s dashboard is
displayed.
2. Click the Events tab. The event log is displayed.
3. Click an event in the list to see the event details in the Event Details box below the event
list. (These details include additional information about the offender and the threat,
including—if you are using IDM—the offender’s username.)
4. Filter the event log by clicking the arrow icon next to Filtering to expand these options.
You can filter the events by variables such as Time Span, Severity, Category, and Origin. For
example, you could filter the list so that it displays only Critical events from NIM within a
specified time frame.
Security Activity Window. To view the Security Activity window, complete the following
steps:
1. In the navigation tree, select a device or group.
2. Click the Security Activity tab.
3. Choose a security activity type by clicking the Alerts, Actions, or Offenders tab.
If you are using IDM, the offenders are listed by name, and the events are tallied according
to name. (If an offender did not log in by name, the IP address will be listed.)
4. Optionally, use the filters to display only the information you specify.
5. Optionally, right-click lines in the table to see more detailed information. (To get back to
the top level, click the device or group in the left navigation panel.)
Policy History. To view the Policy History, complete the following steps:
1. Open Policy Manager by completing one of the following:
• Click Tools > Policy Manager.
or
•Click the Policy Manager icon in the toolbar.
2. In the navigation tree, select Policies. The Manage Policies window is displayed.
3. In the Manage Policies window, click the History tab.
a. You can also access the policy history by clicking a device or group in the left navigation
panel, clicking the Policy Activity tab, and then clicking the History tab.
b. Click an event in the list to see its details in the box below.
If you are using IDM, the offender’s IDM username will be listed (in addition to other
details such as the offender’s IP address, MAC address, connected device, and con-
nected port).
IDM Users Window. Y
ou can also check the IDM Users window to check details about
offenders. To view these details, complete the following steps:
1. Click the Identity tab at the bottom of the navigation tree.
2. Click Identity Management Home > Realms > <Realm> Default Access Policy Group.