Setting VLAN Tags for APE Rules; Setting Severity for APE Rules - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide

NOTE: J Series routers and SRX Series gateways do not send packet data to NSM. If your policy rules attempt to do so, NSM does not log the data.

Setting Logging—In the Configure Notification dialog box, select Logging and then click OK. Each time the rule is matched, the NSM system creates a log record that appears in the Log Viewer.

Setting an Alert—In the Configure Notification dialog box, select Alert and then click OK. If the rule is matched, the security device places an alert flag in the Alert column of the Log Viewer for the matching log record.

Logging Packets—You can record the individual packets in the network traffic that matched a rule by capturing the packet data for the attack. Viewing the packets used in an attack on your network can help you determine the extent of the attempted attack and its purpose, whether or not the attack was successful, and any possible damage to your network.

NOTE: To improve performance, log only the packets after the attack.

If multiple rules with packet capture enabled match the same attack, the security device captures the largest number of packets specified by any of the matching rules. For example, suppose you configure Rule 1 to capture 10 packets before and after the attack, and Rule 2 to capture 5 packets before and after the attack. If both rules match the same attack, IDP attempts to capture 10 packets before and after the attack.

NOTE: Packet captures are restricted to 256 packets before and after the attack.

Setting VLAN Tags for APE Rules

You can specify that the rule be applied only to packets from particular VLANs. See "Setting VLAN Tags for IDP Rules" on page 480 for more information.

This column only appears when you view the security policy in Expanded Mode. To change the security policy view from Compact Mode to Expanded Mode, from the menu bar, select View > Expanded Mode.

Setting Severity for APE Rules

You can override the inherent attack severity on a per-rule basis within the APE rulebase. You can set the severity to Default, Info, Warning, Minor, Major, or Critical.

To change the severity for a rule, right-click the Severity column of the rule and select a severity.

Copyright © 2010, Juniper Networks, Inc.
