HP-UX Host Intrusion Detection System Version 4.1 Administrator's Guide

human intervention. Killing an offending process or closing a client connection are
examples of responses that can be automated.
The response scripts in the IDS_RESPONSEDIR directory, in turn, are intended primarily
for reporting alerts for human consumption (by email to an administrator, or to the
OVO console using the HIDS OVO/SPI).
Alert aggregation is enabled by default for all newly created and pre-canned surveillance
schedules. It can be configured either by using the GUI Schedule Manager window,
or by editing a schedule in text format. See “Surveillance Schedule Text File” (page 248)
for more information on the schedule in text format.
To enable and configure Alert Aggregation, follow these steps:
1. Select a schedule in the Schedules panel.
2. Select the Alert Aggregation tab on the Schedule Manager screen.
3. Select the Alert Aggregation option box to enable alert aggregation.
4. Select the Real Time Alerts option box to enable the generation of real-time alerts
when alert aggregation is enabled.

Figure 5-13 Schedule Manager Screen-Alert Aggregation Tab