HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

Saving a Surveillance Group
The newly created Surveillance Group is automatically saved when you save any
schedule (“Saving a Surveillance Schedule” (page 76)) and every time you exit from
the System Manager screen.
Configuring Detection Templates
Detection templates are the building blocks of surveillance groups. They contain
configurable properties that modify template behavior during run time.
See Appendix A (page 135) for more information about HP-UX HIDS detection templates,
and how they can be configured.
Each detection template is designed to identify a specific type of unauthorized system
activity and has configurable parameters. The detection template directs the agent to
monitor a security-related activity on a host system.
For example, a Failed Login detection template checks the number of failed logins
within a given time interval on a host system. Both the number of failed attempts and
the time interval are configurable. If a user fails to log in correctly and the triggering
criteria are met, an alert is issued.
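The threshold-and-interval logic described for the Failed Login template can be illustrated with the following added Python example. It is not HP-UX HIDS code: the names max_failures and interval, the event format, and the choices to ignore successful logins and to reset the count after an alert are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch_seconds, user, login_succeeded).
SAMPLE_EVENTS = [
    (1000, "alice", False),
    (1010, "bob", False),
    (1020, "alice", False),
    (1030, "alice", False),  # third failure for alice inside 60 s
    (1035, "alice", False),
    (1200, "bob", False),    # bob's 1010 failure has aged out by now
    (1210, "bob", True),     # successful logins are not counted
    (1300, "alice", False),
    (1310, "alice", False),
    (1320, "alice", False),  # a second, separate burst
]


def detect_failed_logins(events, max_failures=3, interval=60):
    """Return (timestamp, user, count) alerts for time-ordered events.

    max_failures and interval are assumed names for the two configurable
    values the text describes; they are not HIDS property names.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = []
    for ts, user, succeeded in events:
        if succeeded:
            continue
        window = recent[user]
        window.append(ts)
        # Drop failures that fall outside the sliding interval.
        while ts - window[0] >= interval:
            window.popleft()
        if len(window) >= max_failures:
            alerts.append((ts, user, len(window)))
            window.clear()  # one alert per burst, then start counting again
    return alerts


if __name__ == "__main__":
    for ts, user, count in detect_failed_logins(SAMPLE_EVENTS):
        print(f"ALERT t={ts} user={user} failures={count}")
```

Lowering max_failures or widening interval makes the check more sensitive, which is the trade-off an administrator tunes when editing the template's values for a given group.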
The parameters for a template may be configured once the detection template is added
to a surveillance group. At this point, you will be able to view all the editable properties.
You can also change the default values of these properties.
Modifying a Property Value in a Template
The values you add, modify, or delete are local to the current group. Other groups can
have different values for the same template properties.
To change the value of a property in a detection template, follow these steps:
1. On the Schedule Manager screen select the Configure tab.
2. Highlight the template name in the Templates panel.
3. In the Properties panel, edit the value of a property by performing one of the
following tasks:
   • Highlight the property and click the Edit button.
   • Highlight the property and press Ctrl+E.
   • Highlight the property and choose the Edit > Edit Selected Property Values
     menu item.
   • Double-left-click the Value column of the property.
Values are shown as either single items or lists. Lists are comma-separated values,
wrapped with brackets; see step 5. Single items have a single value and no brackets;
see step 4.