HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
Managed host A host that is actively managed by the HIDS Administrative GUI or CLUI.
OpenView Operations (OVO) A distributed client and server software solution designed to
detect, solve, and prevent problems occurring in networks, systems, and applications in
any enterprise. OVO is a scalable and flexible solution that can be configured to meet
the requirements of any IT organization and its users. In addition, you can expand the
applications of OVO by integrating management applications from HP OpenView partners
or other vendors.
Response Script Once HP-UX HIDS detects intrusive activity, it sends an alert to the
System Manager. In addition, it executes a set of programs located on the system that
was attacked. This script is passed the details of the alert, and can take whatever
actions the system administrator requires.
Secure Sockets Layer (SSL) A protocol for sending data across a network that prevents an
eavesdropper from observing or modifying any data transmitted. It is used for all
HP-UX HIDS communication between agent systems and the administration system.
Summary alert An alert containing a summary of duplicate, suppressed alerts of a previously reported
alert.
Suppression count The maximum number of duplicate alerts suppressed for a given alert.
Suppression interval The maximum elapsed time during which duplicate alerts of a
particular alert are suppressed.
Surveillance Group A group of detection templates. For example, all detection templates
related to checking for file system intrusions can be grouped into a “File System”
surveillance group.
Surveillance Schedule A set of configurable surveillance groups to be deployed on one or
more systems on a scheduled basis. A particular surveillance group is assigned to run
on a given system at one or more particular times of the day on one or more given days
of the week.
System Manager GUI The graphical user interface (GUI) through which you control the
operations of HP-UX HIDS and where notifications of alerts are displayed.
Template Properties External values provided as parameters to templates to change a
template's behavior at run time.
Tune Report A report containing a summary of all the unique alerts across multiple agents that are
running the same schedule and that includes suggested filtering rules. The Tune Report
is generated by the idsadmin tune command and is not an Alert Report generated
by the idsadmin report command.
Virus A piece of potentially malicious code that, when run, attaches itself to other programs.
When these programs are executed, the malicious code is also executed.
Vulnerability A point at which a system can be subverted by an attacker. Vulnerabilities result from
flaws in coding or design.
Glossary of HP-UX HIDS Terms