HP ProCurve Threat Management Solution Implementation Guide 2009-05

3-17
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 1: Establish a Policy
7. To view alerts, click the Alerts tab in the Security Activity window. You will see a display
like the one below.
Figure 3-14. Devices > Security Activity > Alerts Window
8. Use the View breakdown by drop-down list at the right to select how you want to view the
information.
9. To view actions that have been triggered by actual security events, click the Actions tab.
Because you have not yet configured NIM to take actions, this window will not contain
any information. (After you enable actions, you can view them by selecting Action Type,
Completion Status, or IDM Interaction in the View breakdown by drop-down list.)
Task: Exclude Devices as Needed
By default, NIM excludes events coming from routers or from PCM+ management stations and
agents, because the legitimate operations of these devices would otherwise trigger security events.
If any other network devices trigger an event based on their normal behavior, you can create
additional exclusions to limit the number of false positive events that NIM detects. Every
exclusion specifies a threat type, originating device, and target device.
NIM allows you to exclude devices from NBAD analysis using:
• Agent Manager—see “Add or Remove Exclusions Using the Agent Manager” on page 3-17
• Exclusion utility for events—see “Add Exclusions from the Event Window” on page 3-20
• NBAD Diagnostics Wizard—see “Task: Use the NBAD Diagnostic Wizard” on page 3-146
Add or Remove Exclusions Using the Agent Manager. To add an exclusion for a device
using the Agent Manager, complete the following steps:
1. Open the Agent Manager window by completing one of the following:
• Click Tools > Agent Manager.
or
• Click the Launch Agent Manager icon in the toolbar.