HP Host Intrusion Detection System (HIDS) manual Schedule Manager

Schedule Manager Screen

The Schedule Manager

The Schedule Manager

The Schedule Manager screen helps you create and configure HP-UX HIDS surveillance schedules, surveillance groups, and detection templates.

On this screen, you can:

•Add, rename, delete, and define surveillance schedules, including which surveillance groups make up a schedule.

•Add, rename, delete, and define surveillance groups, including which templates make up a group, the days and times the group will be active, and the values for the properties of the selected templates. A group’s timetable can be different in different schedules. A template’s property values can be different in different groups.

A surveillance schedule is what you activate on an agent host to monitor activities and report alerts. It consists of one or more surveillance groups. A surveillance group consists of one or more templates. A template consists of one or more properties. A property can have zero or more values. The templates and their properties are predefined.

Surveillance schedules are saved on disk in files that match the schedule name, as /var/opt/ids/gui/SurveillanceSchedules/schedname.schedule where schedname is the name of the schedule. If you rename a schedule, its file is renamed. If you save a schedule under a new name, the old file is renamed and the schedule is renamed. Saving a schedule ensures that it has been written to disk.

Surveillance groups are saved on disk in files that match the group name, as /var/opt/ids/gui/SurveillanceGroups/groupname.grp where groupname is the name of the group. If you rename a group, its file is renamed. You cannot save a group directly.

Schedules and groups are saved automatically when you first create them and every time you exit from the System Manager screen.

The Schedule Manager screen comprises three major parts:

•The Configure tab, where you define surveillance schedules, groups, and template properties. See “Configuring Surveillance Schedules” on page 62, “Configuring Surveillance Groups” on page 67, and “Configuring Detection Templates” on page 71.

•The Timetable tab, where you specify when each surveillance group of a surveillance schedule will run. See “Setting Surveillance Schedule Timetables” on page 75.

•The Details tab, which displays the source definition of a surveillance schedule. See “Viewing Surveillance Schedule Details” on page 79.