How Do I Tune A User Defined Offense - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual

86 U D O
SER EFINED FFENSES
Step 8
Step 9
How do I Tune a
User Defined
Offense?
Step 1
Step 2
Once you have determined the impact of the offense, you must perform the
necessary steps to rectify the source of the activity. If you have determined this
behavior is normal, you can tune STRM to no longer detect this activity. For more
information, see How do I Tune a User Defined
Once you are satisfied that you have resolved the offense, you can close or hide
the offense.
For more information on closing or hiding an offense, see Investigating Offenses in
the STRM Users Guide.
If you determine that the activity is normal and STRM is creating false positive
offenses, you can tune STRM to make sure no more offenses are created due to
this activity.
To tune reconnaissance activity using the custom rules wizard:
In the navigation bar of the Offense Manager, click Rules.
The Rules interface appears.
Click New Event Rule.
Offense Category Investigation Guide
Offense?.