Configuring alarm matching policies – H3C Technologies H3C Intelligent Management Center User Manual

941

1.

Navigate to Alarm > Browse Attack Alarm:

a.

Click the Alarm tab from the tabular navigation system on the top.

b.

Click the Security Control Center on the navigation tree on the left.

c.

Click the Browse Attack Alarm link located under Security Control Center on the navigation
tree on the left.
The Attack Alarm List displays in the main pane of the Browse Attack Alarm page.

2.

Click the link in the Result field of the attack alarm for which you want to view details.
The Result Report page appears.
IMC displays the results of every action configured for the attack alarm in the Execution Result List
displayed in the lower portion of the Security Control Policy Result Report.

Execution result list

•

Action Name: Contains the name of the action that was executed.

•

Action Description: Contains a description for the action that was taken.

•

Result: Contains the result of the action.

•

Result Description: Contains more detailed information about the outcome of the result, including a
possible cause if known.

•

Restored: Contains information about whether or not the action can be undone or restored. The
contents of this field serve as a link for restoring conditions prior to the execution of an action. For

example, if the action taken was to shut down an interface, restoring the action brings the interface
up.

•

Result: Contains a result for the restore action. This field is empty if no restore action was taken.

•

Result Description: Contains more detailed information about the outcome of the restore result,
including a possible cause if known. This field is empty if no restore action was taken.

3.

Click Refresh located at the top of the Execution Result List to query IMC for any updates to the
Execution Result List.

4.

Click Back to return to the Attack Alarm List.

Configuring alarm matching policies

Operators can define alarm matching policies to filter alarms and enable the actions defined in a
security control policy to be taken only for the matching alarms. SCC filters alarms by alarm OID and

further by alarm variable matching rule.
SCC maintains a set of variables to which different actions are to be taken. These variables are known

as action variables. Different types of alarms can have multiple variables mapped to the same action

variable. Operators can configure mappings between alarm variables and action variables in each
alarm matching policy, so SCC can correctly identify alarm variables and take correct actions on them.
In an alarm matching policy, operators can configure mappings between alarm variables and action

variables. With the mappings, SCC can identify alarms variables and then take correct actions to the

alarms.
Operators can add, modify, and delete user-defined alarm matching policies, but cannot modify or

delete pre-defined alarm matching policies.