Exploit Offenses; What Is An Exploit Attack; How Do I Investigate An Exploit Offense - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual

6 Exploit Offenses
This chapter provides information on an exploit attack including:

What is an Exploit Attack?

How do I Investigate an Exploit Offense

How do I Tune an Exploit Offense?
What is an Exploit Attack?
STRM generates exploit offenses when the events associated with an offense are
part of the exploit category. Typically, exploit events are generated by Intrusion
Detection Systems (IDSs) or Intrusion Prevention Systems (IPSs). These systems
may include stand-alone network sensors such as Sourcefire or Enterasys
Dragon, an IPS that is part of a firewall (such as Juniper Networks ISG), or
host-based IDS systems (such as the Cisco Security Agent). By default, STRM
attempts to detect high exploits that are likely to be successful, or that show a
pattern of the attacker attempting to exploit multiple hosts or using multiple types
of attacks. Unfortunately, these devices may cause false positive offenses to be
created. You can tune STRM to no longer create offenses for these events while
maintaining an audit of all events generated from the device for compliance and
forensics purposes.
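The following is an added illustrative model of the behaviour described above, not STRM code: low-level category counts roll up into the high-level Exploit category, an offense is created when a source shows a likely-successful exploit or a pattern across multiple hosts or attack types, and a hypothetical tuning entry suppresses offense creation for a noisy device while every event still reaches the audit trail. All event values, device names and thresholds are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample IDS/IPS events in the shape the chapter describes: each
# carries a low-level category that rolls up into the high-level "Exploit" category.
EVENTS = [
    {"src": "10.0.0.5", "dst": "192.168.1.10", "device": "dragon", "low": "Buffer Overflow", "high": "Exploit", "severity": 9},
    {"src": "10.0.0.5", "dst": "192.168.1.11", "device": "dragon", "low": "Buffer Overflow", "high": "Exploit", "severity": 9},
    {"src": "10.0.0.5", "dst": "192.168.1.12", "device": "dragon", "low": "Web Exploit", "high": "Exploit", "severity": 7},
    {"src": "10.0.0.9", "dst": "192.168.1.10", "device": "csa", "low": "Misc Exploit", "high": "Exploit", "severity": 8},
    {"src": "10.0.0.9", "dst": "192.168.1.10", "device": "csa", "low": "Misc Exploit", "high": "Exploit", "severity": 8},
]

# Hypothetical tuning entry: a (device, low-level category) pair known to be a
# false-positive source. Tuning stops offense creation only; it never drops events.
TUNED_OUT = {("csa", "Misc Exploit")}


def category_counts(events):
    """By Category view: high-level counts are the sum of their low-level categories."""
    low = Counter((e["high"], e["low"]) for e in events)
    high = Counter()
    for (h, _), n in low.items():
        high[h] += n
    return high, low


def build_offenses(events, tuned_out=TUNED_OUT, high_severity=8):
    """Return (offenses keyed by attacker, audit list of every event received)."""
    audit = list(events)  # retained for compliance and forensics regardless of tuning
    per_attacker = defaultdict(list)
    for e in events:
        if e["high"] != "Exploit" or (e["device"], e["low"]) in tuned_out:
            continue  # tuned-out events are audited but do not feed offenses
        per_attacker[e["src"]].append(e)
    offenses = {}
    for src, evs in per_attacker.items():
        hosts = {e["dst"] for e in evs}
        kinds = {e["low"] for e in evs}
        likely_success = any(e["severity"] >= high_severity for e in evs)
        # Offense when the exploit is likely successful, or the attacker spreads
        # across multiple hosts, or uses multiple attack types.
        if likely_success or len(hosts) > 1 or len(kinds) > 1:
            offenses[src] = {"hosts": sorted(hosts), "attack_types": sorted(kinds), "events": len(evs)}
    return offenses, audit
```

Running `build_offenses(EVENTS, tuned_out=set())` shows that without the tuning entry the csa source would also raise an offense, which is the false-positive case the text describes.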
How do I Investigate an Exploit Offense
To investigate an exploit offense:
Step 1 Click the Offense Manager tab.
The Offense Manager window appears.
Step 2 Click By Category from the navigation menu.
The By Category view appears displaying high-level categories. The counts for
each category are accumulated from the values in the low-level categories.
Hint: Only low-level categories with associated offenses appear with an arrow.
You can click the arrow to view the associated low-level categories. If you wish to
view all categories, click Show Inactive Categories.