Table of Contents
Advertisement
Network and Security Manager Administration Guide
Viewing Attack Version Information for Attack Objects and Groups
Updating Predefined IDP Attack Objects and Groups
Configuring Custom DI and IDP Attack Objects
340
A predefined static group can include the following members:
Predefined attack objects
Predefined static groups
Predefined dynamic groups
To display a detailed description of an attack object group, double-click the attack.
NSM lets you look at the details of predefined attack objects and groups. Not all details
are applicable to all attacks.
The Pattern field under the Detection tab in the Attack Version dialog box contains the
regular expression used to identify the attack. Juniper Networks Security Engineering may
choose to hide the exact pattern for specific attack objects. This is done to protect the
confidentiality of either the source or target of the specific attack object. In such cases,
the field displays Protected instead of the regular expression.
To view attack version information, click one of the Supported Platform links within an
attack object dialog box.
Juniper Networks updates the predefined attack objects and groups on a regular basis
with newly-discovered attack patterns. You can update the attack object database on
your security devices by downloading the new attacks and groups to the NSM GUI Server,
then installing the new database on your devices.
NOTE: You cannot create, edit, or delete predefined attack object or groups.
Updates to the attack object database can include:
New descriptions or severities for existing attack objects
New attack objects
Deletion of obsolete attack objects
You can create custom DI and IDP attack objects to detect new attacks or customize
copies of existing attack objects to meet the unique needs of your network. For example,
you might want to edit the context of a custom attack object that is producing too many
false positives on your network, or you might want to create a new custom attack object
to detect the latest virus or Trojan that is sweeping the Internet.
The attack object creation process is similar for custom DI and IDP attack objects. To
create both object types, you use the Attack Object Wizard to enter attack object
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
