Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
71727374757677787980
3-13
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 1: Establish a Policy
Task: Check the Results
In addition to viewing the event list, you can see summaries of the event activity in the Security
Activity windows. The information on these windows can be displayed according to offenders,
alerts, and actions.
The Security Activity windows provide a flexible view of event activities and may become your
primary source for a quick understanding of the activity on your network. Perhaps the best
way to get a feel for the breadth and depth of the data in these windows is to access the windows
and click and double-click any item that looks like it might respond to a click. However, these
windows will not display information until PCM+ and NIM have run on your network and
gathered information over a period of time.
To view a Security Activity window, complete the following steps:
1. Select the Devices folder, a device group, or a particular device in the PCM+ navigation tree.
When you select the Devices folder or a device group in the PCM+ navigation tree, the
Security Activity tab in the right panel includes activity data for all devices or for all devices
that belong to that particular group. You can narrow the data to look at particular devices
by clicking a device in the navigation tree.
2. Click the Security Activity tab. The Offenders tab is selected by default, so you will see a
display similar to the one below.
Figure 3-10. Devices > Security Activity Window
Note If you are using IDM, offenders are listed by name (rather than IP address or host name), and
alert totals are tallied for the name (which might be associated with several IP addresses).