HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 1: Establish a Policy
Figure 3-21. NIM Edit Exclusion Entry Window
7. Under Offender, specify a source device, using its IP address, port, or MAC address.
8. Under Victim, specify a destination device, using its IP address, port, or MAC address.
9. For Comment, type a plain-text comment that describes the purpose of this exclusion.
10. Click OK.
Task: Adjust Event Sensitivities
After you start monitoring events, you might want to adjust the sensitivity level for some NBAD
events. The sensitivity level affects whether a detected deviation triggers an event. (The alert’s
event settings, in turn, affect whether an event triggers an alert.)
Because NIM is designed to adjust its triggering thresholds to the behavior of the network on
which it is installed, you should let NIM run on your network for at least 12 hours, and preferably
24 hours, before you adjust the sensitivity level. Keep in mind that, when an NBAD engine
operates with low sensitivity, it allows a relatively high deviation from the baseline. In other
words, more traffic falls within the normal range, so NBAD detects fewer events. When you
set the sensitivity high, traffic must conform more exactly to the baseline. NBAD interprets a
lesser degree of unusual behavior to be a threat and triggers more events.
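The relationship between the learning period, the sensitivity level, and the number of events can be seen in a small model. This is an added illustration, not NIM's actual NBAD algorithm: the traffic figures are constructed, and the mapping of sensitivity levels to an allowed deviation (in standard deviations) is an assumption made for the example.

```python
import statistics

# Constructed sample: hourly average connections/minute from one host over 24 hours.
BASELINE_24H = [40, 38, 35, 33, 32, 34, 45, 60, 85, 95, 100, 98,
                96, 99, 97, 94, 90, 80, 70, 62, 55, 50, 45, 42]

# Constructed observations taken after the learning period.
OBSERVED = [97, 120, 150, 31, 210, 66]

# Assumed mapping (hypothetical, not NIM's): how far traffic may deviate
# from the baseline, in standard deviations, before an event is triggered.
ALLOWED_SIGMAS = {"low": 3.0, "medium": 2.0, "high": 1.0}


def learn_baseline(samples):
    """Return (mean, standard deviation) of the traffic seen while learning."""
    return statistics.mean(samples), statistics.pstdev(samples)


def detect_events(observed, baseline, sensitivity):
    """Return the observations that fall outside the allowed deviation."""
    mean, stdev = baseline
    limit = ALLOWED_SIGMAS[sensitivity] * stdev
    return [x for x in observed if abs(x - mean) > limit]


if __name__ == "__main__":
    full = learn_baseline(BASELINE_24H)
    for level in ("low", "medium", "high"):
        print(f"24 h baseline, {level:6} sensitivity:",
              detect_events(OBSERVED, full, level))

    # Baseline learned from only the first 6 (overnight) hours: ordinary
    # daytime traffic such as 97 and 66 now looks like a deviation.
    short = learn_baseline(BASELINE_24H[:6])
    print("6 h baseline, medium sensitivity:",
          detect_events(OBSERVED, short, "medium"))
```

With the full 24-hour baseline, raising the sensitivity only narrows the normal range; with the 6-hour baseline, the same medium setting flags ordinary daytime traffic, which is why the sensitivity should not be tuned before the baseline has had time to form.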