How Do I Tune A System Offense - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual
Category offense investigation guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1:
- Administration manual (370 pages) ,
- Manual (228 pages) ,
- Getting started (14 pages)
Table of Contents
Advertisement
80
S
O
YSTEM
FFENSES
Step 8
Step 9
How do I Tune a
System Offense?
Step 1
Step 2
Step 3
Step 4
Step 5
Once you determine the root cause of the error, notify the proper administrators to
rectify the situation. If you have determined this behavior is normal, you can tune
STRM to no longer detect this activity. For more information, see
System
Offense?.
Once you are satisfied that you have resolved the offense, you can close or hide
the offense.
For more information on closing or hiding an offense, see the STRM Users Guide.
If you determine that the system activity is normal and STRM is creating false
positive offenses, you can tune STRM to make sure no more offenses are created
due to this activity.
To tune system activity using the false positive function:
In the offense details interface, click
The List of Events window appears.
Select the event that includes the known source IP address that is reported to
produce system activity.
Click
False Positive.
The False Positive window appears with information derived from the selected
event.
Select the necessary event properties to tune as a false positive.
Click Tune.
Offense Category Investigation Guide
Events.
How do I Tune a
Advertisement
Table of Contents
