Creating Dynamic Attack Groups (Idp Only) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1 Administration Manual

Table of Contents

Advertisement

Network and Security Manager Administration Guide

Creating Dynamic Attack Groups (IDP Only)

364
For instructions for creating a static attack object group, see the NSM Online Help topic
"Adding Static Attack Groups."
A dynamic group contains a dynamic set of attack objects that are automatically added
or deleted based on specified criteria for the group. For example, an attack database
update can add or remove attack objects from a dynamic group based on the group
criteria. This eliminates the need to review each new signature to determine if you need
to use it in your existing security policy.
A predefined or custom dynamic group can only contain attack objects and not attack
groups. Dynamic group members can be either predefined or custom attack objects.
To create a custom dynamic group:
In Object Manager, select Attack Objects > IDP Objects. The IDP Objects dialog box
1.
appears.
Click the Custom Attack Groups tab, then click the Add icon and select Add Dynamic
2.
Group. The New Dynamic Group dialog box appears.
Enter a name and description for the static group. Select a color for the group icon.
3.
In the Filters tab, click the Add icon and select one of the following:
4.
Add Products Filter to add attack objects based on the application that is vulnerable
to the attack.
Add Severity Filter to add attack objects based on the attack severity.
NOTE: All predefined attack objects are assigned a severity level by Juniper
Networks. However, you can edit this setting to match the needs of your
network.
Add Category Filter to add attack objects based on category.
Add Last Modified Filter to add attack objects based on their last modification date.
Add Recommended Filter to include only attacks designated to be the most serious
threats to the dynamic group. In the future, Juniper Networks will designate only attacks
it considers to be serious threats as Recommended. These settings will be updated
with new attack object updates. In addition, you can designate custom attack objects
as Recommended or not.
You create filters one at a time; each criteria you add is compared to the attributes for
each attack object. Attack objects that do not match the criteria are immediately filtered
out. If you create a filter with attributes that no attack object can match, a message
appears warning you that your dynamic group has no members.
Copyright © 2010, Juniper Networks, Inc.

Advertisement

Table of Contents
loading

This manual is also suitable for:

Network and security manager 2010.4

Table of Contents