14   EVENT CATEGORY CORRELATION

Table 2-7 Correlation Group 5 Tests (continued)

Traffic Type: Local-to-Remote
Correlation Rules (Tests): Correlation Group 5 performs the following tests for Local-to-Remote traffic:
  • Relevance of the day of the week
  • Device credibility
  • Event rate
  • Attacker network
  • Time of the attack
  Note: For test details, see Table 2-2.
Severity Level (0 to 10): 2
Event Correlation/Additional Event Processing: Correlation Group 2 Scenario 2

Traffic Type: Remote-to-Local
Correlation Rules (Tests): Correlation Group 5 performs the following tests for Remote-to-Local traffic:
  • Relevance of the day of the week
  • Device credibility
  • Event rate
  • Target
  • Target network
  • Time of the attack
  Note: For test details, see Table 2-2.
Severity Level (0 to 10): 3
Event Correlation/Additional Event Processing: Correlation Group 2 Scenario 2

Each event is processed using one of the following scenarios:
• Scenario 1 - Event information is forwarded to the Magistrate component, which automatically creates offenses. Even though offenses are created automatically, no real-time flow analysis is performed. Events are stored in the Event Processor.
• Scenario 2 - Events are stored in the Event Processor. Offenses are not automatically created and no flow analysis is performed.

Recon

The Recon category indicates events relating to scanning and other techniques used to identify network resources. The associated low-level event categories include:

Table 2-8 Recon Categories

Low Level Event Category      Description
Unknown Form of Recon         Indicates an unknown form of reconnaissance.
Application Query             Indicates reconnaissance against applications on your system.

STRM Event Category Correlation Reference
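The following is an added worked example, not code from the guide or from STRM itself. It models the Correlation Group 5 dispatch in Table 2-7 and the two processing scenarios described above: an event is first classified as Local-to-Remote or Remote-to-Local, the row for that direction supplies the test list and severity, and the scenario number decides whether the event only reaches the Event Processor or is also forwarded to the Magistrate as an offense. The local network ranges, the Event and Pipeline types, and the function names are assumptions for illustration; the test names, severities and scenario numbers are the ones printed in Table 2-7 (the cell reads "Correlation Group 2 Scenario 2"; the model keys only on the scenario number). How STRM scores the individual tests is not on this page and is not modelled.

```python
"""Model of the Correlation Group 5 dispatch and the two processing scenarios.

Added example, not STRM code. Assumptions (not from the guide): the list of
"local" networks, and the Event Processor / Magistrate modelled as two lists.
Test names, severities and scenario numbers are transcribed from Table 2-7;
how STRM scores the individual tests is not on the page and is not modelled.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Assumption: stand-in for the deployment's configured local network hierarchy.
LOCAL_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Table 2-7, Correlation Group 5 (continued), as printed on this page.
GROUP5_ROWS: Dict[str, Dict] = {
    "Local-to-Remote": {
        "tests": ["Relevance of the day of the week", "Device credibility",
                  "Event rate", "Attacker network", "Time of the attack"],
        "severity": 2,
        "scenario": 2,
    },
    "Remote-to-Local": {
        "tests": ["Relevance of the day of the week", "Device credibility",
                  "Event rate", "Target", "Target network", "Time of the attack"],
        "severity": 3,
        "scenario": 2,
    },
}


@dataclass
class Event:
    src: str
    dst: str
    low_level_category: str  # a Table 2-8 value, e.g. "Application Query"


@dataclass
class Pipeline:
    """The two sinks named in the scenario text, modelled as lists."""
    event_processor: List[Event] = field(default_factory=list)
    magistrate_offenses: List[Event] = field(default_factory=list)


def is_local(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in LOCAL_NETWORKS)


def traffic_type(src: str, dst: str) -> str:
    """Direction label in the guide's wording: Local-to-Remote, Remote-to-Local,
    and, for completeness, Local-to-Local / Remote-to-Remote."""
    def side(a: str) -> str:
        return "Local" if is_local(a) else "Remote"
    return f"{side(src)}-to-{side(dst)}"


def correlate(event: Event) -> Optional[Dict]:
    """Select the Group 5 row for the event's direction. Returns None for
    directions the page defines no row for (Local-to-Local, Remote-to-Remote)."""
    direction = traffic_type(event.src, event.dst)
    row = GROUP5_ROWS.get(direction)
    if row is None:
        return None
    return {"traffic_type": direction, **row}


def process(event: Event, pipe: Pipeline) -> Optional[Dict]:
    """Route the event per the scenario text: both scenarios store the event in
    the Event Processor; only Scenario 1 also forwards it to the Magistrate,
    which creates an offense. Neither performs real-time flow analysis."""
    result = correlate(event)
    if result is None:
        return None
    pipe.event_processor.append(event)
    if result["scenario"] == 1:
        pipe.magistrate_offenses.append(event)
    return result


def demo() -> Pipeline:
    """Constructed sample: an external host probing an internal web server
    (Remote-to-Local recon), then the internal host probing back out."""
    pipe = Pipeline()
    process(Event("203.0.113.7", "10.1.2.3", "Application Query"), pipe)
    process(Event("10.1.2.3", "198.51.100.9", "Unknown Form of Recon"), pipe)
    return pipe


if __name__ == "__main__":
    p = demo()
    print(len(p.event_processor), "stored,", len(p.magistrate_offenses), "offenses")
```

The practical point the model makes visible is that, because both Group 5 rows are Scenario 2, recon events on their own end up stored in the Event Processor with no offense created; the Remote-to-Local direction carries the higher severity (3 versus 2) and adds the Target and Target network tests.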