HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

5 Using the Schedule Manager Screen
This chapter describes how to configure HP-UX HIDS surveillance schedules,
surveillance groups, and detection templates. This chapter addresses the following
topics:
“The Schedule Manager”
“Configuring Surveillance Schedules”
“Configuring Surveillance Groups”
“Configuring Detection Templates”
“Setting Surveillance Schedule Timetables”
“Configuring Alert Aggregation”
“Configuring Duplicate Alert Suppression”
“Viewing Surveillance Schedule Details”
“Predefined Surveillance Schedules and Groups”
The Schedule Manager
The Schedule Manager screen helps you create and configure HP-UX HIDS surveillance
schedules, surveillance groups, and detection templates.
Using this screen, you can:
• Add, rename, delete, and define surveillance schedules, including which
  surveillance groups make up a schedule.
• Add, rename, delete, and define surveillance groups, including which templates
  make up a group, the days and times the group will be active, and the values for
  the properties of the selected templates.
NOTE: A group’s timetable can be different in different schedules. A template’s
property values can be different in different groups.
A surveillance schedule is what you activate on an agent host to monitor activities and
report alerts. It includes the name of one or more surveillance groups. A surveillance
group consists of one or more templates. A template consists of one or more properties.
A property can have zero or more values. The templates and their properties are
predefined.
Surveillance schedules are saved in /etc/opt/ids/schedules/<schedname>.txt,
where schedname is the name of the schedule. If you rename a schedule, its file is
renamed. If you save a schedule under a new name, the old file is renamed and the
schedule is renamed. Saving a schedule ensures that it has been written to disk.
Surveillance groups are saved in
/etc/opt/ids/schedules/groups/<groupname>.txt, where groupname is the
name of the group. If you rename a group, its file is renamed.