How Can I Verify That Strm Is Receiving Valid Exploit Offenses - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual

Exploit Offenses

Step 3  Click Tune.
STRM will no longer create additional offenses for this source IP address when this
type of activity occurs.

Step 8  How Can I Verify That STRM is Receiving Valid Exploit Offenses?

To verify that STRM is receiving valid offenses:
By default, STRM automatically removes noise and false positives commonly
associated with IDS devices. However, there are certain circumstances where
STRM may not create an offense for an attack. For example, when no vulnerability
information exists in the asset profile and an attempt is made to exploit that asset
(using a common tool, such as Metasploit), STRM may not create an offense for
this attack if no other corresponding suspicious activity is detected or could be
correlated to indicate a successful attack. If you wish all exploit attempts to
become offenses, see
STRM may also not generate an offense for an exploit as a result of the data
source. We recommend that you verify that the IDS is monitoring a location where
it is able to detect the attack. You can also use the Event Viewer to search for the
attacker's IP address. If an exploit event is not detected, verify your IDS
configuration.
If you are not able to use vulnerability information, STRM provides additional
options. For example, STRM searches for an attacker attempting multiple methods
of exploits against a target so if you run multiple exploits, STRM creates an
offense. You can also exploit multiple targets with the same attack, which
generates an offense. You can adjust these thresholds by editing the Custom
Rules with exploits.
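The three conditions described above (a target known to be vulnerable, one attacker trying several exploit methods against one target, and one exploit used against several targets) can be checked against a batch of IDS events. The following is an added illustration, not STRM's own rule logic: the event fields, the asset profile and the thresholds of 3 are all assumed values.

```python
from collections import defaultdict

# Constructed sample IDS events (not from the manual); field names are assumed.
SAMPLE_EVENTS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "sig": "exploit-A"},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "sig": "exploit-B"},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "sig": "exploit-C"},
    {"src": "192.0.2.20", "dst": "198.51.100.6", "sig": "exploit-A"},
    {"src": "192.0.2.20", "dst": "198.51.100.7", "sig": "exploit-A"},
    {"src": "192.0.2.20", "dst": "198.51.100.8", "sig": "exploit-A"},
    {"src": "192.0.2.30", "dst": "198.51.100.10", "sig": "exploit-A"},
    {"src": "192.0.2.40", "dst": "198.51.100.9", "sig": "exploit-A"},
]

# Constructed asset profile: target -> signatures it is known vulnerable to.
# A target missing from this map has no vulnerability information at all.
ASSET_VULNS = {"198.51.100.9": {"exploit-A"}}


def correlate(events, vulns, multi_method=3, multi_target=3):
    """Decide which source IPs would become offenses.

    Thresholds are assumed values for this example; in STRM the equivalent
    thresholds live in the exploit-related Custom Rules.
    Returns {src_ip: sorted list of reasons}.
    """
    sigs_per_target = defaultdict(lambda: defaultdict(set))  # src -> dst -> sigs
    targets_per_sig = defaultdict(lambda: defaultdict(set))  # src -> sig -> dsts
    offenses = defaultdict(set)
    for e in events:
        src, dst, sig = e["src"], e["dst"], e["sig"]
        sigs_per_target[src][dst].add(sig)
        targets_per_sig[src][sig].add(dst)
        # A single attempt is enough only when the asset profile says the
        # target is vulnerable to that exploit; with no vulnerability
        # information, a lone attempt produces no offense.
        if sig in vulns.get(dst, ()):
            offenses[src].add("target vulnerable to " + sig)
        # Same attacker trying several exploit methods against one target.
        if len(sigs_per_target[src][dst]) >= multi_method:
            offenses[src].add("multiple exploits against " + dst)
        # Same exploit used against several targets.
        if len(targets_per_sig[src][sig]) >= multi_target:
            offenses[src].add(sig + " against multiple targets")
    return {src: sorted(r) for src, r in offenses.items()}


if __name__ == "__main__":
    for src, reasons in correlate(SAMPLE_EVENTS, ASSET_VULNS).items():
        print(src, reasons)
```

Source 192.0.2.30 makes a single attempt against an asset with no vulnerability information and therefore never appears in the result, which is exactly the case the text says STRM may not turn into an offense.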
In the Rules function within the Offense Manager, you can enable or disable rules,
as necessary. You can enable any rules that allow STRM to make all exploit
attempts become offenses. We do not recommend that you deploy this within a live
environment, but it is useful for testing purposes.