Authentication Offenses; What Is An Authentication Offense; How Do I Investigate An Authentication Offense - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual

Category offense investigation guide

3 AUTHENTICATION OFFENSES
This chapter provides information on authentication offenses including:

What is an Authentication Offense?

How do I Investigate an Authentication Offense?

How do I Tune an Authentication Offense?
What is an Authentication Offense?
Typically, the first level of network security starts with authentication. When a user
navigates a protected network, the network generally requires authentication at
various levels of the network infrastructure. STRM supports the monitoring of many
authentication points throughout a network, including host machines, firewalls,
databases, application servers, and authentication servers.
While analyzing authentication events from devices, STRM detects any abnormal
or potentially threatening activity, for example, when there are multiple login
failures followed by a successful login. Since authentication activity is based on
access to the network, STRM creates offenses when invalid users are attempting
to gain, or more importantly, have already gained, access to the network. STRM
features intelligent security event logic capable of filtering authentication-based
activity and creating offenses on truly suspicious behavior.
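
The pattern named above (multiple login failures followed by a successful login) can be sketched as a sliding-window correlation over authentication events. This is an added example, not STRM's own rule logic; the event tuple layout, the threshold of 3 failures, the 5-minute window, and every sample event are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, reporting device, user, source IP, outcome).
EVENTS = [
    ("2008-06-01 09:00:00", "host-a", "alice", "10.0.0.5", "failure"),
    ("2008-06-01 09:00:20", "host-a", "alice", "10.0.0.5", "success"),   # one typo, benign
    ("2008-06-01 09:10:00", "vpn-gw", "bob", "203.0.113.7", "failure"),
    ("2008-06-01 09:10:20", "vpn-gw", "bob", "203.0.113.7", "failure"),
    ("2008-06-01 09:10:40", "vpn-gw", "bob", "203.0.113.7", "failure"),
    ("2008-06-01 09:11:00", "vpn-gw", "bob", "203.0.113.7", "failure"),
    ("2008-06-01 09:11:30", "vpn-gw", "bob", "203.0.113.7", "success"),  # suspicious
    ("2008-06-01 09:20:00", "db-1", "carol", "198.51.100.9", "failure"),
    ("2008-06-01 09:20:10", "db-1", "carol", "198.51.100.9", "failure"),
    ("2008-06-01 09:20:20", "db-1", "carol", "198.51.100.9", "failure"),
    ("2008-06-01 09:45:00", "db-1", "carol", "198.51.100.9", "success"), # failures expired
]

def failures_then_success(events, threshold=3, window=timedelta(minutes=5)):
    """Return one finding per successful login preceded by at least `threshold`
    failures for the same (user, source IP) inside `window`."""
    recent = defaultdict(deque)  # (user, ip) -> timestamps of unexpired failures
    findings = []
    for ts, device, user, ip, outcome in sorted(events):  # timestamp strings sort in time order
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        fails = recent[(user, ip)]
        # Drop failures that are older than the correlation window.
        while fails and when - fails[0] > window:
            fails.popleft()
        if outcome == "failure":
            fails.append(when)
        elif outcome == "success":
            if len(fails) >= threshold:
                findings.append({"user": user, "src_ip": ip, "device": device,
                                 "failures": len(fails), "success_at": ts})
            fails.clear()  # a success ends the current failure streak
    return findings

if __name__ == "__main__":
    for finding in failures_then_success(EVENTS):
        print(finding)
```

Raising the threshold or shortening the window reduces findings caused by users who simply mistype a password.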
How do I Investigate an Authentication Offense?
To investigate an authentication offense:
Step 1 Click the Offense Manager tab.
The Offense Manager window appears.
Step 2 Click By Category from the navigation menu.
The By Category view appears displaying high-level categories. The counts for
each category are accumulated from the values in the low-level categories.
Hint: Only low-level categories with associated offenses appear with an arrow.
You can click the arrow to view the associated low-level categories. If you wish to
view all categories, click Show Inactive Categories.