HP-UX Host Intrusion Detection System Version 4.7 Administrator Guide HP-UX 11i v3 (766144-001, March 2014)
The Schedule Manager screen comprises four major parts:
• The Configure tab, where you define surveillance schedules, containers, groups, and template
properties. For more information, see “Configuring Surveillance Schedules”
(page 50), “Configuring to Monitor HP-UX Containers (HP-UX SRP)” (page 53), “Configuring
Surveillance Groups” (page 55), and “Configuring Detection Templates” (page 58).
• The Timetable tab, where you specify when each surveillance group of a surveillance schedule
will run. For more information, see “Setting Surveillance Schedule Timetables” (page 62).
• The Global Properties tab, where you can specify whether to aggregate specific program
alerts, monitor failed attempts, or suppress duplicate alerts. To configure alert aggregation,
see “Configuring Alert Aggregation” (page 64). To monitor the successful and failed attempts
to create, delete, and modify critical files or directories, see “Configuring Monitor
Failed Attempts” (page 67). To configure duplicate alert suppression, see “Configuring
Duplicate Alert Suppression” (page 68).
• The Details tab, which displays the source definition of a surveillance schedule. For more
information, see “Viewing Surveillance Schedule Details” (page 70).
Creating a Surveillance Schedule
This section describes how to create a surveillance schedule.
To create a surveillance schedule, follow these steps:
1. Create a surveillance schedule name. The schedule will contain one or more surveillance
groups. For more information, see “Configuring Surveillance Schedules” (page 50). You must
create a new schedule:
• If a current schedule does not include the groups you want
• If the group or template properties need to be different
• If you need the same group and templates to run at different times
2. Add one or more Container (SRP) names to be monitored. This is applicable for agents running
on a host configured with HP-UX Containers (HP-UX SRP). For more information, see
“Configuring to Monitor HP-UX Containers (HP-UX SRP)” (page 53). You must add a new
Container (SRP) if you want some groups to run only on specific Containers (SRP) of the system.
3. Create one or more groups, as needed. Each group will contain one or more detection
templates. For more information, see “Configuring Surveillance Schedules” (page 50). You
must create a new group:
• If a current group does not include the templates you want
• If the template properties need to be different
• If you need the same templates to run at different times
4. In the new groups, choose which templates to use, revising the values of the properties as
needed. A template can have different properties in different groups. For more information,
see “Configuring Detection Templates” (page 58).
5. Choose which groups to include in your schedule.
6. For each group in your schedule, specify the days and times that it must run. For more
information, see “Setting Surveillance Schedule Timetables” (page 62).
Opening the Schedule Manager Screen
This section describes how to open the Schedule Manager screen.
To open the Schedule Manager screen, follow the step given below: