beautypg.com

Refreshing the real-time attack alarm list – H3C Technologies H3C Intelligent Management Center User Manual

Page 949

background image

935

Manual execution required indicates that no action, either automatic or manual, was taken for the

associated event.

2.

Click Manual execution required in the Result field to navigate to the Attack Alarm Details page.
From this page you can execute any actions that are associated with this attack alarm type.

Success indicates that the automatic or manual action that was taken for this type of attack was
successful.

Failure indicates that the automatic or manual action that was taken for this type of attack failed.

3.

Click Failure in the Result field to navigate to the Attack Alarm Details page. From this page you
can get the detailed failure reason.

Executing policy indicates that the automatic or manual action that was specified for this type of
attack is currently being executed. The contents of the Result field do not serve as a navigation link

to the Attack Alarm Details page when an action is being executed.

No matching policy indicates that the alarm does not match any security control policy. Click No
matching policy in the Result field to navigate to the Attack Alarm Details page. From this page you
can select one or more actions, if available, that are associated with this attack alarm type.

Waiting for policy execution indicates that the selected action for the associated security attack
alarm is in the queue for processing by IMC. The contents of the Result field do not serve as a

navigation link to the Attack Alarm Details page when an action is waiting for policy execution.

Acknowledgement required indicates that the configured action could not be completed
successfully because the conditions necessary to complete the action were not met. For example,

let's say that the configured action was to shut down an interface. If the interface is unreachable
and cannot be shut down, the Result field contains the value, Acknowledgement required. The

value, Acknowledgement required in the Result field serves as a link for navigating to page for

re-executing the action manually.

The contents of the Result field serve as a link to one of several pages, depending on the result of
the action taken for the associated event. If the result is Failure, the link navigates you to the Security

Control Policy Result Report. For more information about this page, see "

Viewing the execution

result report

."

If the result is No matching policy, the link navigates you to the Execute Action page. For more
information about executing an action, see "

Executing a manual action for an attack alarm

."

Attack Path: This field contains a link to a topology map displaying the attack path.

4.

Select the number of recent attack alarms you want IMC to display from the Display list located in
the far right of the Realtime Attack Alarm List.
This option filters the list for the most recent 25, 50, 75, 100, or 125 attack alarms.

Refreshing the real-time attack alarm list

You can refresh the Realtime Attack Alarm List. Refreshing the Realtime Attack Alarm List initiates a

query to IMC database and refreshes the Realtime Attack Alarm List with any changes to the Realtime

Attack Alarm List since the page was last loaded.
To refresh the Realtime Attack Alarm List:

1.

Navigate to Alarm > Realtime Attack Alarm:

a.

Click the Alarm tab from the tabular navigation system on the top.

b.

Click the Security Control Center on the navigation tree on the left.

c.

Click the Realtime Attack Alarm link located under Security Control Center on the navigation
tree on the left.