Host Intrusion Detection System Administrator's Guide Release 3.0
Schedule Manager Screen
Chapter 5
Configuring Detection Templates
Detection templates are the building blocks of surveillance groups. They contain one or
more properties. A property is a parameter for a detection template.
Refer to Appendix A, “Templates and Alerts,” on page 121 for more information about
HP-UX HIDS detection templates.
Each detection template is designed to identify a specific type of unauthorized system
activity and has configurable parameters. The detection template directs the agent to
monitor a security-related activity on a host system.
For example, a Failed Login detection template checks the number of failed logins within
a given time interval on a host system. Both the number of failed attempts and the time
interval are configurable. If a user fails to log in correctly and the triggering criteria are
met, an alert is issued.
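The threshold-within-interval logic described for the Failed Login template can be sketched as follows. This is an added example, not HP-UX HIDS code: the names `threshold` and `interval_s`, the event tuple layout, per-user counting, and clearing the window after an alert are all assumptions made for illustration.

```python
from collections import defaultdict, deque


def detect_failed_logins(events, threshold, interval_s):
    """Return a list of (timestamp, user, failure_count) alerts.

    events: iterable of (timestamp_seconds, user, success) tuples in time order.
    An alert fires when one user reaches `threshold` failed logins inside a
    sliding window of `interval_s` seconds (both values are configurable,
    like the template's properties).
    """
    windows = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = []
    for ts, user, success in events:
        if success:
            continue  # assumption: successful logins do not reset the count
        win = windows[user]
        win.append(ts)
        # Drop failures that have aged out of the interval.
        while ts - win[0] > interval_s:
            win.popleft()
        if len(win) >= threshold:
            alerts.append((ts, user, len(win)))
            win.clear()  # assumption: one alert per burst, then start over
    return alerts


# Constructed sample events (not taken from a real host).
SAMPLE_EVENTS = [
    (0, "alice", False),
    (10, "alice", False),
    (15, "bob", False),
    (20, "alice", True),
    (25, "alice", False),  # alice: 3 failures within 30 s
    (100, "bob", False),   # bob's failure at t=15 has aged out by now
    (200, "bob", False),
    (205, "bob", False),
    (210, "bob", False),   # bob: 3 failures within 10 s
]

if __name__ == "__main__":
    for ts, user, count in detect_failed_logins(SAMPLE_EVENTS, 3, 30):
        print(f"t={ts}s ALERT user={user} failed_logins={count}")
```

Tightening the interval or raising the threshold changes which bursts trigger an alert, which is the effect of editing the corresponding property values in a surveillance group.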
A template’s parameters may be configured once the detection template has been
incorporated into a surveillance group. At this point, you will be able to view any
editable properties and, if you prefer, change the values that were provided as defaults.
Modifying a Property Value In a Template
The values you add, modify, or delete are local to the current group. Other groups can
have different values for the same template properties.
To change the value of a property in a detection template:
Step 1. Go to the Configure tab of the Schedule Manager screen.
Step 2. Highlight the template name in the Templates panel.
Step 3. In the Properties panel, begin editing the value of a property by doing one of the following:
• Highlight the property and click the Edit button
• Highlight the property and press Ctrl-E
• Highlight the property and choose the Edit > Edit Selected Property Values
menu item
• Double-left-click the Value column of the property
Values are shown as either single items or lists. Lists are comma-separated values,
wrapped with brackets; go to step 5. Single items have a single value and no brackets; go
to step 4.
Step 4. If the value is a single item (no brackets, e.g., 20), the Edit dialog box is displayed
(Figure 5-8).
Figure 5-8 Edit Dialog - Edit