HP-UX Host Intrusion Detection System Release 4.1 Release Notes for HP-UX 11i v1 | HP-UX 11i v2 | HP-UX 11i v3
NOTE: Support for Release 2.x of HP-UX HIDS was discontinued on March 31, 2007. HP recommends that all customers using HP-UX HIDS Release 2.x upgrade to Release 4.1. For more information about the discontinuance, see http://www.hp.com/softwarereleases/releases-media2/discon/index.htm.
New and Changed Features
HP-UX HIDS Release 4.1 includes the following new features and enhancements:
• An alert volume reduction feature that proactively suppresses duplicate alerts from being generated, logged, and reported to the HIDS administrator console. Using this feature, administrators can manage HIDS alerts easily by focusing their attention on fewer and more significant alerts.
• A reporting feature that enables the generation of customized and consolidated alert reports that are easy to view and print. Reports can be generated in HTML, text, and raw formats.
• A tuning tool that can greatly reduce the time and effort needed to deploy and maintain surveillance schedules by:
— Eliminating the time-consuming and error-prone process of manually generating filtering rules.
— Facilitating the review of alerts from multiple agents running the same schedule by presenting an alert report that consolidates duplicate alerts and groups alerts triggered by the same program.
— Performing automatic schedule updates and deployments.
This tool effectively automates the process of identifying and filtering file-related alerts that the HIDS administrator deems safe to ignore, that is, alerts generated by normal system activity. The tool can be used to perform the following tasks:
— Customize a predefined schedule to filter out alerts generated as part of normal system activity during the initial HIDS deployment.
— Fine-tune an existing schedule if new alerts that are deemed safe to ignore are generated after deployment.
• The Surveillance Schedules and Surveillance Groups managed by the HIDS administrative GUI and CLUI are stored in text format only, allowing users to also edit schedules and groups using their preferred editor.
• The Creation and Modification of Setuid file template now also monitors the creation and modification of privileged setgid files.