User Defined Offenses; What Is A User Defined Offense; How Do I Investigate A User Defined Offense - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual

Category offense investigation guide
14 USER DEFINED OFFENSES
This chapter provides information on user defined offenses including:

What is a User Defined Offense?

How do I Investigate a User Defined Offense?

How do I Tune a User Defined Offense?
What is a User Defined Offense?

You can use many different tools, techniques, and strategies to protect your
network. The variety of techniques implemented by the numerous security devices
available makes defining network attacks and offenses an increasingly complex
task. STRM allows you to map events that do not belong to traditional event
categories as user defined offenses.

STRM generates a user defined offense when many user defined events are
detected by the system. You can define your own custom algorithms in the
system and map the resulting offenses to the user defined category. This allows
you to identify extraordinary or non-traditional network offenses.

How do I Investigate a User Defined Offense?

To investigate a user defined offense:

Step 1 Click the Offense Manager tab.
The Offense Manager window appears.

Step 2 Click By Category from the navigation menu.
The By Category view appears, displaying high-level categories. The counts for
each category are accumulated from the values in the low-level categories.

Hint: Only low-level categories with associated offenses appear with an arrow.
You can click the arrow to view the associated low-level categories. If you wish to
view all categories, click Show Inactive Categories.