How Do I Tune An Access Offense - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual

Step 8
Step 9
How do I Tune an
Access Offense?
Step 1
Step 2
Step 3
Once you have determined the impact of the offense, you must perform the
necessary steps to rectify the source of the activity. If you have determined this
behavior is normal, you can tune STRM to no longer detect this activity. For more
information, see How do I Tune an Access
Once you are satisfied that you have resolved the offense, you can close or hide
the offense.
For more information on closing or hiding an offense, see Investigating Offenses in
the STRM Users Guide.
If you determine that the access activity is normal and STRM is creating false
positive offenses, you can tune STRM to make sure no more offenses are created
due to this activity.
To tune access activity using the false positive function:
In the offense details interface, click
The List of Events window appears.
Select the event that includes the known source IP address that is reported to
produce suspicious activity.
Click False Positive.
The False Positive window appears with information derived from the selected
event.
Offense Category Investigation Guide

How do I Tune an Access Offense?

Offense?.
Events.
7