How Do I Tune A Policy Offense; Tuning Using False Positive Function - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual

Category offense investigation guide

Policy Offenses

Step 9: Once you have determined the impact of the offense, you must perform the necessary steps to rectify the source of the activity. If you have determined this behavior is normal, you can tune STRM to no longer detect this activity. For more information, see How do I Tune a Policy Offense?

Step 10: Once you are satisfied that you have resolved the offense, you can close or hide the offense.
For more information on closing or hiding an offense, see the STRM Users Guide.

How do I Tune a Policy Offense?

If you determine that the policy activity is normal and STRM is creating false positive offenses, you can tune STRM to make sure no more offenses are created due to this activity.

You can tune STRM using one of the following methods:
• Tuning Using False Positive Function
• Tuning Using Custom Rules Wizard

Tuning Using False Positive Function

To tune policy activity using the false positive function:

Step 1: In the offense details interface, click Events.
The List of Events appears.

Step 2: Select the event that includes the known source IP address that is reported to produce suspicious activity.

Step 3: Click False Positive.
The False Positive window appears with information derived from the selected event.
