How Do I Tune A Sim Audit Offense; Tuning Using False Positive Function - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual
Category offense investigation guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1:
- Administration manual (370 pages) ,
- Manual (228 pages) ,
- Getting started (14 pages)
Table of Contents
Advertisement
12
SIM A
O
UDIT
FFENSES
Step 11
Step 12
How do I Tune a
SIM Audit Offense?
Tuning Using False
Positive Function
Step 1
Once you have determined the impact of the offense, you must either block the
source of the unauthorized configuration activity, then take the desired action
against the offense.
Once you have resolved the offense, close or hide the offense.
For more information on closing or hiding an offense, see the STRM Users Guide.
If you determine that the SIM audit activity is normal and STRM is creating false
positive offenses, you can tune STRM to make sure no more offenses are created
due to this activity.
You can tune STRM using one of the following methods:
Tuning Using False Positive Function
•
Tuning Using Custom Rules Wizard
•
To tune SIM audit activity using the false positive function:
In the SIM audit offense details interface, click
The List of Events appears for the selected offense.
Category Offense Investigation Guide
Events.
Advertisement
Table of Contents
