Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1 Manual page 71

Table 19: Network Honeypot Rulebase Data Elements (continued)
Data Element
ruleno
comments
enabled
rb_link
customOptions_collection
src_addr_collection
src_addr_negate
dst_addr_collection
dst_addr_negate
service
op
ipaction
log
log-actions
vlan
Copyright © 2010, Juniper Networks, Inc.
Description
Rule number
Comments about the network honeypot (portfaker) collection.
Collection enabled.
Portfaker Link collection
Custom options.
Address of the traffic source.
Negates the specified source address.
Destination address for the traffic.
Negates the specified destination address.
Service
Operation
Enables and configures an IP action to prevent future malicious connections from the
attacker's IP address.
Logging
Action to be taken on the log. This can include configuring SNMP, Syslog, CSV, XML, script,
and e-mail settings.
This parameter configures a rule that only applies to messages in specified VLANs. The
possible settings are:
Any (default) = Any rule will be applied to messages in any VLAN and to messages
without a VLAN tag. This setting has the same effect as not specifying a VLAN. Any can
be sent to devices that do not support VLAN tagging.
None = A rule will be applied only to messages that do not have a VLAN tag. Rules with
this value set cannot be sent to devices that do not support VLAN tagging.
vlan_list_collection = Specifies the VLAN tags to which the rule applies. You must create
VLAN objects before applying them to the rules. Rules with this value set cannot be sent
to devices that do not support VLAN tagging.
Chapter 5: Security Data Model
53