Table 1-2 Supported Fields (continued)
Table
Supported Statement
eventCount
eventDirection
hasOffense
highLevelCategory
magnitude
payload
postNatDestinationIP
postNatDestinationPort
postNatSourceIP
postNatSourcePort
preNatDestinationIP
preNatDestinationPort
preNatSourceIP
preNatSourcePort
protocol
qid
relevance
severity
sourceIP
sourceMAC
sourceNetwork
sourcePort
startTime
token
unparsed
userName
For example:
select sourceIP, destinationIP, application from flows where protocol = 'TCP.tcp_ip'
select category, credibility from events where severity > 8
select * from events where credibility >=9
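The three statements above all follow the same shape: select <fields> from <events|flows> where <condition>. When a script or web front end assembles such statements from user-supplied field names and values, the supported-field list in Table 1-2 doubles as an allow-list. The following Python builder is an added example, not code from the guide or the product: it accepts only tables, fields and operators it knows, quotes string values only when they contain no quote or control characters, and requires that any field ending in "IP" hold a single valid IP address. The field set is taken from this page (the continued Table 1-2, plus the fields used in the page's own examples), so it is partial; joining several conditions with "and" is an assumption, as the page shows only single-condition queries.

```python
import ipaddress
from numbers import Number

# Field names from Table 1-2 on this page (a continued table, so this list is
# partial) plus the fields used in the page's example queries (category,
# credibility, destinationIP, application). Extend from the full table.
SUPPORTED_FIELDS = frozenset({
    "eventCount", "eventDirection", "hasOffense", "highLevelCategory",
    "magnitude", "payload", "postNatDestinationIP", "postNatDestinationPort",
    "postNatSourceIP", "postNatSourcePort", "preNatDestinationIP",
    "preNatDestinationPort", "preNatSourceIP", "preNatSourcePort", "protocol",
    "qid", "relevance", "severity", "sourceIP", "sourceMAC", "sourceNetwork",
    "sourcePort", "startTime", "token", "unparsed", "userName",
    "category", "credibility", "destinationIP", "application",
})
SUPPORTED_TABLES = frozenset({"events", "flows"})
# The page's examples use = and >; the remaining comparison operators are an
# assumption. Anything outside this set is rejected.
SUPPORTED_OPERATORS = frozenset({"=", "!=", "<", "<=", ">", ">="})


def _check_field(field):
    """Allow-list check: only field names from the supported table pass."""
    if field not in SUPPORTED_FIELDS:
        raise ValueError(f"unsupported field: {field!r}")
    return field


def _literal(field, value):
    """Render a where-clause value. Numbers pass through unchanged. Strings
    are single-quoted, but only if they contain no quote or control
    character (rejected rather than escaped, since this page documents no
    escaping rule). Fields ending in 'IP' must hold one valid IP address."""
    if isinstance(value, bool):
        raise ValueError("boolean values are not handled by this builder")
    if isinstance(value, Number):
        return str(value)
    if not isinstance(value, str):
        raise TypeError(f"unsupported value type for {field}: {type(value).__name__}")
    if field.endswith("IP"):
        ipaddress.ip_address(value)  # raises ValueError on anything but an address
    elif "'" in value or not value.isprintable():
        raise ValueError(f"value for {field} contains a quote or control character")
    return f"'{value}'"


def build_select(table, fields, conditions=()):
    """Build 'select <fields> from <table> where <cond> [and <cond> ...]'.

    fields: list of supported field names, or ["*"] for all fields.
    conditions: iterable of (field, operator, value) tuples.
    """
    if table not in SUPPORTED_TABLES:
        raise ValueError(f"unsupported table: {table!r}")
    if list(fields) == ["*"]:
        field_list = "*"
    else:
        field_list = ", ".join(_check_field(f) for f in fields)
    stmt = f"select {field_list} from {table}"
    clauses = []
    for field, op, value in conditions:
        if op not in SUPPORTED_OPERATORS:
            raise ValueError(f"unsupported operator: {op!r}")
        clauses.append(f"{_check_field(field)} {op} {_literal(field, value)}")
    if clauses:
        stmt += " where " + " and ".join(clauses)
    return stmt


def try_build(table, fields, conditions=()):
    """Return the statement, or None when the builder rejects the input."""
    try:
        return build_select(table, fields, conditions)
    except (ValueError, TypeError):
        return None


if __name__ == "__main__":
    # The page's own three examples, rebuilt from structured input.
    print(build_select("flows", ["sourceIP", "destinationIP", "application"],
                       [("protocol", "=", "TCP.tcp_ip")]))
    print(build_select("events", ["category", "credibility"], [("severity", ">", 8)]))
    print(build_select("events", ["*"], [("credibility", ">=", 9)]))
    # Constructed hostile inputs: both are refused rather than emitted.
    print(try_build("events", ["payload; drop"], []))
    print(try_build("events", ["*"], [("sourceIP", "=", "10.0.0.1' or 1=1")]))
```

The point of the allow-list is that the field names, table names and operators never come from the caller's string; only the value does, and even that is type-checked before it is placed in the statement. If the full Table 1-2 is available, replace the partial field set with it rather than loosening the check.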
You can also write CIDR-based queries with the select statement. To query by
source IP address (sourceIP) or by destination IP address (destinationIP) using a
CIDR range, use the following format:
AQL Event and Flow Query CLI Guide
Using a Select Statement
9
Security Threat Response Manager 2008.2 - AQL Event and Flow Query CLI Guide