HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager Standalone Solution
Step 1: Establish a Policy
Task: Make a List of Security Events
The tasks outlined in the “First Time Through the Process” on page 2-4 provide the information
you need to make a list of security events on your network. For each event on the list, and for
each significant variation in time and location, note the action that you want to take.
Table 2-1. List of Security Events
Event type | Location and Time | Frequency | Action
The result is your first attempt at creating a network immunity policy that is customized for
your unique network environment. You will turn this policy into alerts in “Step 2: Detect
Threats” on page 2-24, and you will specify actions in “Step 3: Respond to Threats” on page 2-28.
Optional Task: Record Top Offenders
The Security Activity > Offenders tab displays the number of alerts triggered by various IP
addresses, hostnames, or—when users log in to a network managed by IDM—usernames.
When a particular user is triggering a great many events, you may want to talk to that user and
determine whether there is a problem.
Second and Subsequent Times Through the Process
Task: Update Events and Actions
After you have been through the process at least once, you can update your list of events and
actions with any new events that have occurred during the previous cycle. For any new events,
note the actions that you want to take.
You will use the revised list to create new alerts in “Step 2: Detect Threats” on page 2-24 and
to set up corresponding actions in “Step 3: Respond to Threats” on page 2-28.