HP ProCurve Threat Management Solution Implementation Guide 2009-05
2-24
HP ProCurve Network Immunity Manager Standalone Solution
Step 2: Detect Threats
This section outlines the activities you might engage in as you set up alerts to detect threats
on your network. These activities follow the “Detect threats” phase of the security management
life cycle. (See Figure 2-1 on page 2-3.) They also match the design steps discussed in Chapter 4:
“Design” in the HP ProCurve Threat Management Solution Design Guide. That is, if you are
following the steps in the design guide, this chapter will guide you through the activities that
accomplish the “Detect threats” step.
All Times Through the Process
Threat detection is the same, whether this is your first time or a subsequent time through the
process. To detect threats on your network, perform the tasks outlined in the sections that
follow.
Task: Set Up ProCurve NBAD Services Alerts
In “Task: Make a List of Security Events” on page 2-23, you made a list of security events that
occurred on your network. Now you will set up alerts that correspond to those events. These
alerts will allow NIM to detect security events, and in “Step 3: Respond to Threats” on page
2-28 you will use those alerts to trigger responses to the events. (For a detailed description of
the relationship between events, alerts, and actions, see the HP ProCurve Threat Management
Solution Design Guide.)
PCM+ recognizes the following types of alerts:
■ ProCurve NBAD Services Alerts—defines all alerts that the NBAD engine creates
■ ProCurve Wired Alerts—defines all alerts created from security-related SNMP traps that
ProCurve switches generate
■ ProCurve Wireless Alerts—defines all alerts created from security-related SNMP traps
that ProCurve wireless devices generate
■ ProCurve Security Devices Alerts—defines alerts created from SNMP traps that
ProCurve security devices, such as the TMS zl Module, generate
■ Non-ProCurve Security Devices Alerts—defines all security-related SNMP traps that
supported third-party devices generate
This task focuses on the ProCurve NBAD Services Alerts. You will learn about other alerts in
subsequent chapters.
To configure a ProCurve NBAD alert, complete the following steps:
1. Open the Policy Manager window by completing one of the following:
• Click Tools > Policy Manager.
or
• Click the Policy Manager icon in the toolbar.
2. Click the arrow icon next to Alerts in the navigation tree. The Security option is displayed.
3. Click the arrow icon next to Security.
4. In the navigation tree, select ProCurve NBAD Services. The ProCurve NBAD Services window
is displayed in the right pane.
You can click the arrow icon next to ProCurve NBAD Services to expand this section and
display the types of threats for which you can create alerts.