Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REFERENCE GUIDE REV 1 Reference Manual page 31

Event category correlation reference guide

Table 2-12 Exploit Categories (continued)

| Low Level Event Category | Description | Severity Level (0 to 10) | Event Correlation/Processing | Additional Event Processing |
|---|---|---|---|---|
| Session Hijack | Indicates a session in your network has been interceded. | 9 | Correlation Group 2 Scenario 2 | |
| Worm Active | Indicates an active worm. | 10 | Correlation Group 1 Scenario 2 | |
| Password Guess/Retrieve | Indicates that a user has requested access to their password information from the database. | 9 | Correlation Group 2 Scenario 2 | |
| FTP Exploit | Indicates an FTP exploit. | 9 | Correlation Group 1 Scenario 2 | |
| RPC Exploit | Indicates an RPC exploit. | 9 | Correlation Group 1 Scenario 2 | |
| SNMP Exploit | Indicates an SNMP exploit. | 9 | Correlation Group 1 Scenario 2 | |
| NOOP Exploit | Indicates an NOOP exploit. | 9 | Correlation Group 1 Scenario 2 | |
| Samba Exploit | Indicates a Samba exploit. | 9 | Correlation Group 1 Scenario 2 | |
| Database Exploit | Indicates a database exploit. | 9 | Correlation Group 1 Scenario 2 | |
| SSH Exploit | Indicates an SSH exploit. | 9 | Correlation Group 1 Scenario 2 | |
| ICMP Exploit | Indicates an ICMP exploit. | 9 | Correlation Group 1 Scenario 2 | |
| UDP Exploit | Indicates a UDP exploit. | 9 | Correlation Group 1 Scenario 2 | |
| Browser Exploit | Indicates an exploit on your browser. | 9 | Correlation Group 1 Scenario 2 | |
| DHCP Exploit | Indicates a DHCP exploit. | 9 | Correlation Group 1 Scenario 2 | |
| Remote Access Exploit | Indicates a remote access exploit. | 9 | Correlation Group 1 Scenario 2 | |
| ActiveX Exploit | Indicates an exploit through an ActiveX application. | 9 | Correlation Group 1 Scenario 2 | |
| SQL Injection | Indicates that an SQL injection has occurred. | 9 | Correlation Group 1 Scenario 2 | |

Malware

The malicious software (malware) category indicates events relating to application exploits and buffer overflow attempts. The associated low-level event categories include:

Table 2-13 Malware Categories

| Low Level Event Category | Description | Severity Level (0 to 10) | Event Correlation/Processing | Additional Event Processing |
|---|---|---|---|---|
| Unknown Malware | Indicates an unknown virus. | 4 | Correlation Group 2 Scenario 2 | |
| Backdoor Detected | Indicates that a backdoor to the system has been detected. | 9 | Correlation Group 2 Scenario 2 | |
| Hostile Mail Attachment | Indicates a hostile mail attachment. | 6 | Correlation Group 2 Scenario 2 | |
| Malicious Software | Indicates a virus. | 6 | Correlation Group 2 Scenario 2 | |
