Executing an action for an attack alarm, Executing a manual action for an attack alarm – H3C Technologies H3C Intelligent Management Center User Manual

939

•

Link Information: Provides operators with detailed information on the selected link, including basic

information as well as information about the interfaces on either side of the link. Information
includes link name, status, device information, the operational and administrative status of each

interface, IP address and subnet information and more.

•

Modify Link Name: Allows operators to apply a label or name in IMC for the selected link.

•

View MAC: Provides two options, Interface 1 and Interface 2, which represent the interfaces at both
ends of the link. Select Interface 1 or Interface 2, a new browser window opens and the MAC

addresses learned on the selected interface is displayed in the active window.

Executing an action for an attack alarm

You can take action on attack alarms displayed in the Attack Alarm List or the Realtime Attack Alarm List.

The actions that can be taken vary by the type of security attack identified but in general SCC supports
six actions:

•

Shutting down the access port

•

Alerting the administrator by email

•

Isolating the online user to a restricted network

•

Sending a warning message to the online user

•

Kicking the online user off

•

Adding the online user to the blacklist

The Execute Action page for initiating an action for a security alarm can be accessed from the link in the

Result field of the Attack Alarm List and the Realtime Attack Alarm List when the Result field contains one
of the following values, Manual execution required, No matching policy, and Acknowledgement

required.

Executing a manual action for an attack alarm

You can execute a manual action for an attack alarm from both the Attack Alarm List and the Realtime

Attack Alarm list.
To execute a manual action from the Attack Alarm List:

1.

Navigate to Alarm > Browse Attack Alarm:

a.

Click the Alarm tab from the tabular navigation system on the top.

b.

Click the Security Control Center on the navigation tree on the left.

c.

Click the Browse Attack Alarm link located under Security Control Center on the navigation
tree on the left.
The Attack Alarm List displays in the main pane of the Browse Attack Alarm page.

2.

Click the link in the Result field of the attack alarm for which you want to view details.
The Execute Action page appears.
The value in the Result field must contain one of the following values in order to execute an action
manually: Manual execution required, No matching policy, and Acknowledgement required.

3.

Click Select Action located at the top of the Action and Order section of the Execute Action page.
The Select Action dialog box appears.

4.

To view the full list of possible actions for this security attack type, do one of the following:

{

Click on the Expand arrow located to the left of Action List.

{

Click on the Expand all link located in the upper right corner of the Select Action dialog box.