How Do I Tune A Network Anomaly Offense - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual


Network Anomalies Offenses

Step 6  Click the At Time of Alert graph to investigate the flows creating this offense.
Step 7  Click the graph to zoom in on the information.
Step 8  Click the legend with the corresponding color to isolate the problem.
Step 9  Click on the lower half of the graph.
Step 10  In the Pivot To Box, click By Networks to further investigate the network location of the issue.
Step 11  In the View Flows Box, click Full.
Step 12  Click the portion of the graph you wish to investigate.
Step 13  In the table, click an IP address to further investigate the traffic for the host.

How do I Tune a Network Anomaly Offense?
If you determine that the suspicious activity is normal and STRM is creating false
positive offenses, you can tune STRM to make sure no more offenses are created
due to this activity.

If you are monitoring an area of the network and need to remove a host from the
profile, you must add the host to a different network object and then remove that
object before applying the sentry. This action removes that host from the profile. If
the exception is complete, you may need to create an object in a view and remove
that object as well.

Also, when creating a behavioral sentry, we recommend that you select the Test
Objects as Group check box.

For more information on STRM sentries, see the STRM Administration Guide.