HP-UX Host Intrusion Detection System Version 4.4 Administrator Guide (5900-1634, April 2011)

On the Network Node screen, perform one of the following steps:
Choose the File > Close menu item.
Press Ctrl+C.
If you made unsaved changes to an open file set, they are saved automatically.
Alerts Tab
The Alerts tab shown in Figure 34 displays the alerts that were detected by the surveillance schedule
on one of the agent host systems.
On the Network Node screen, click the Alerts tab.
Figure 34 Network Node Alerts Tab
Each alert entry displays the alert severity, the attacker, the attack type, the date and time the alert
was generated, and other data. The columns displayed depend on selections on the Preferences
screen, which lists and describes all the column names. For more information, see Alert Events
Preferences (page 99).
Alerts are highlighted with color bars to emphasize the severity level of the potential attack (your
colors may vary).
Red (severity 1): This is a critical alert. A critical alert indicates a direct and
immediate compromise of a system.
Yellow (severity 2): This is a severe alert. A severe alert can indicate an attack that can
compromise the system, but without fatal consequences.
Blue (severity 3): This is a moderate alert. A moderate alert can provide information
about an event that can be used to carry out a more severe attack on the system.
When you select an alert, regardless of its severity, it is highlighted in light blue and marked as
Seen. The panel below the list of alerts shows the detailed description of the last selected alert.
The operations you can perform on the Alerts tab are described in “General Operations” (page 92).
90 Using the Network Node Screen