Creating Dynamic Groups - Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual

Configuring intrusion detection and prevention devices guide

Creating Dynamic Groups

A dynamic group contains attack objects that are automatically added or deleted based
on specified criteria for the group. The NSM Object Manager includes predefined dynamic
groups that work with recommended attack objects, predefined attack objects, the
recommended security policy, and predefined policy templates.

When you run an NSM attack database update job, the process automatically performs
the following tasks:

- For all new attack objects, compares the predefined attributes of each attack object
  to the criteria of each dynamic group and adds the attack objects that match.
- For all updated attack objects, removes attack objects that no longer meet their
  dynamic group criteria.
- Reviews updated attack objects to determine if they now meet any other dynamic
  group criteria, and adds them to those groups if necessary.
- For all deleted attack objects, removes the attack objects from their dynamic groups.

Using dynamic groups eliminates the need to review each new signature to determine
if you need to use it in your existing security policy.

A predefined or custom dynamic group can contain only attack objects and not attack
groups. Dynamic group members can be either predefined or custom attack objects.

To create a custom dynamic group:

1. In Object Manager, select Attack Objects > IDP Objects to display the IDP Objects
   dialog box.
2. Click the Custom Attack Groups tab, then click the + icon and select Add Dynamic
   Group to display the New Dynamic Group dialog box.
3. Enter a name and description for the dynamic group. Select a color for the group icon.
4. In the Filters tab, click the + icon and add the filters that determine which attack
   objects should be in the group, using Table 36.
5. Click the Members tab to view the attack objects now belonging to the group.
6. Click OK to save your settings.

Table 36: Dynamic Attack Group Filters

Filter                 Description
Add Products Filter    Filters attack objects based on the application that is vulnerable
                       to the attack.
Add Severity Filter    Filters attack objects based on attack severity.
                       NOTE: All predefined attack objects are assigned a severity level
                       by Juniper Networks. However, you can edit this setting to match
                       the needs of your network.
Add Category Filter    Filters attack objects based on category.

Chapter 5: Working with Attack Objects
Copyright © 2010, Juniper Networks, Inc.
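The membership changes that an attack database update job makes to dynamic groups, as described above, can be modeled as follows. This is an added example, not NSM code or part of the original manual: the class names, the attack names, and the rule that an object must match every filter on a group are assumptions, and the filter keys stand in for the Products, Severity and Category filters of Table 36.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AttackObject:
    """Constructed stand-in for an attack object's predefined attributes."""
    name: str
    product: str
    severity: str
    category: str

@dataclass
class DynamicGroup:
    name: str
    filters: dict                              # e.g. {"severity": {"critical"}}
    members: set = field(default_factory=set)  # names of member attack objects

    def matches(self, obj):
        # Assumption: an object must pass every filter on the group
        # (AND across filters, OR across the values inside one filter).
        return all(getattr(obj, attr) in allowed
                   for attr, allowed in self.filters.items())

def apply_update(groups, attack_db):
    """Re-evaluate each group against the updated database (name -> object).

    Returns {group name: (added, removed)} for review after the update job.
    """
    report = {}
    for group in groups:
        wanted = {n for n, obj in attack_db.items() if group.matches(obj)}
        report[group.name] = (sorted(wanted - group.members),
                              sorted(group.members - wanted))
        group.members = wanted
    return report

def demo():
    groups = [DynamicGroup("Critical-HTTP", {"severity": {"critical"}, "category": {"HTTP"}}),
              DynamicGroup("Minor-Any", {"severity": {"minor"}})]
    mk = AttackObject
    apply_update(groups, {                     # constructed database before the update
        "example-http-a": mk("example-http-a", "Apache", "critical", "HTTP"),
        "example-http-b": mk("example-http-b", "IIS", "critical", "HTTP")})
    return apply_update(groups, {              # constructed database after the update
        "example-http-a": mk("example-http-a", "Apache", "minor", "HTTP"),      # updated
        "example-http-d": mk("example-http-d", "Apache", "critical", "HTTP")})  # new; -b deleted

if __name__ == "__main__":
    for name, (added, removed) in demo().items():
        print(f"{name}: added={added} removed={removed}")
```

The returned report lists which attack objects entered or left each group, which is the set of changes the policy will pick up after the update.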


This manual is also suitable for:

Network and security manager 2010.3
