HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager Standalone Solution
Step 4: Analyze Events
Figure 2-45. NBAD Diagnostic Wizard > Suggested Actions
9. Click Next.
10. The Execute Action window describes the action you selected in the previous window. If
the action is satisfactory, click Execute. If it is not, click Back to make different selections,
and then click Execute. When the action completes, click Next.
11. The final window of the wizard shows the action that was taken. The action will be
recorded in the indicated log file. Click Finish to exit the wizard.
If necessary, you can undo actions initiated through the NBAD Diagnostic Wizard. Access the
\server\data\logs\SecurityConfWizard.log file to see which actions were completed successfully,
then manually reverse the action.
For example, if you used the wizard to disable a port, manually enable the port.
Task: View Logs and Reports. PCM+ provides a variety of logs and reports that you can use
to understand the pattern of threat activity on your network. You can sort all of these logs by
clicking on a column heading to help you organize the information in a useful way.
The general event log in PCM+ captures all events that PCM+ sees. It is thorough, but it
can be tedious to wade through all the events.
The summaries in the Security Activity window provide useful snapshots of threat activity,
and you can click the tables and charts to find details on particular devices or offenders.
The History tab of the Policy Activity window gives details on security policies that have
been triggered.
If you are using IDM, you can view users in IDM and see a list of all of the mitigation actions
taken against them.