Sim Audit Offenses; What Is Sim Audit; How Do I Investigate A Sim Audit Offense - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual

Category offense investigation guide

2 SIM AUDIT OFFENSES

This chapter provides information on SIM audit offenses including:

What is SIM Audit?
How do I Investigate a SIM Audit Offense?
How do I Tune a SIM Audit Offense?

What is SIM Audit?

STRM generates and records SIM audit events for system and configuration changes occurring within the STRM deployment. This information may be required for compliance regulations, troubleshooting, or internal tracking.

When STRM detects suspicious or unapproved SIM audit events, a SIM audit offense is created. STRM can monitor SIM audit activity for many different aspects of the STRM product. In certain situations, this data may also be combined with other events and flows associated with the attacker, and correlated into one offense. If an attacker does gain access to the STRM system, they may try to deactivate certain features or turn monitoring off on certain areas of the network. These suspicious changes would generate an offense in STRM.

How do I Investigate a SIM Audit Offense?

This section provides information on further investigating SIM audit offenses.

To investigate SIM audit offenses:

Step 1 Click the Offense Manager tab.
The Offense Manager window appears.

Step 2 Click By Category from the navigation menu.
The By Category view appears displaying high-level categories. The counts for each category are accumulated from the values in the low-level categories.

Hint: Only low-level categories with associated offenses appear with an arrow. You can click the arrow to view the associated low-level categories. If you wish to view all categories, click Show Inactive Categories.
