Network Honeypot (Rb_Portfaker_Collection) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1 Manual

Table 18: Traffic Anamolies Rulebase Date Elements (continued)
Data Element
log-actions
vlan
severity
target_collection

Network Honeypot (rb_portfaker_collection)

Copyright © 2010, Juniper Networks, Inc.
Description
Log action settings. Possible settings include configuring:
SNMP
Syslog
CVS
XML
script
e-mail
This parameter configures a rule that only applies to messages in specified VLANs. The possible
settings are:
Any (default) = Any rule will be applied to messages in any VLAN and to messages without
a VLAN tag. This setting has the same effect as not specifying a VLAN. Any can be sent to
devices that do not support VLAN tagging.
None = A rule will be applied only to messages that do not have a VLAN tag. Rules with this
value set cannot be sent to devices that do not support VLAN tagging.
vlan_list_collection = Specifies the VLAN tags to which the rule applies. You must create VLAN
objects before applying them to the rules. Rules with this value set cannot be sent to devices
that do not support VLAN tagging.
Severity of the attack. Within the IDP rulebase, you can override the ordinary attack severity on
a per-rule basis. Possible settings:
Default
Info
Warning
Minor
Major
Critical
Specifies the security devices or templates that will receive and use this rule. You can select
multiple security devices on which to install the rule.
The network honeypot rulebase (rb_portfaker_collection) protects your network by
impersonating open ports on existing servers on your network and alerting you to attackers
performing port scans and other information-gathering activities.
These data elements are illustrated and described in Figure 14 on page 52 and Table 19
on page 52.
Chapter 5: Security Data Model
51