STRM Event Category Correlation Reference
Suspicious Activity

Table 2-14 Suspicious Categories (continued)

| Low Level Event Category | Description | Severity Level (0 to 10) | Event Correlation/Processing | Additional Event Processing |
|---|---|---|---|---|
| Suspicious File Name | Indicates a suspicious file name. | 3 | Correlation Group 2 Scenario 2 | |
| Suspicious Port Activity | Indicates suspicious port activity. | 3 | Correlation Group 2 Scenario 2 | |
| Suspicious Routing | Indicates suspicious routing. | 3 | Correlation Group 2 Scenario 2 | |
| Potential Web Vulnerability | Indicates a potential web vulnerability. | 3 | Correlation Group 2 Scenario 2 | |
| Unknown Evasion Event | Indicates an unknown evasion event. | 5 | Correlation Group 2 Scenario 2 | |
| IP Spoof | Indicates an IP spoof. | 5 | Correlation Group 2 Scenario 2 | |
| IP Fragmentation | Indicates IP fragmentation. | 3 | Correlation Group 2 Scenario 2 | |
| Overlapping IP Fragments | Indicates overlapping IP fragments. | 5 | Correlation Group 2 Scenario 2 | |
| IDS Evasion | Indicates an IDS evasion. | 5 | Correlation Group 2 Scenario 2 | |
| DNS Protocol Anomaly | Indicates a DNS protocol anomaly. | 3 | Correlation Group 2 Scenario 2 | |
| FTP Protocol Anomaly | Indicates an FTP protocol anomaly. | 3 | Correlation Group 2 Scenario 2 | |
| Mail Protocol Anomaly | Indicates a mail protocol anomaly. | 3 | Correlation Group 2 Scenario 2 | |
| Routing Protocol Anomaly | Indicates a routing protocol anomaly. | 3 | Correlation Group 2 Scenario 2 | |
| Web Protocol Anomaly | Indicates a web protocol anomaly. | 3 | Correlation Group 2 Scenario 2 | |
| SQL Protocol Anomaly | Indicates an SQL protocol anomaly. | 3 | Correlation Group 2 Scenario 2 | |
| Executable Code Detected | Indicates that executable code has been detected. | 5 | Correlation Group 2 Scenario 2 | |
| Misc Suspicious Event | Indicates a miscellaneous suspicious event. | 3 | Correlation Group 2 Scenario 2 | |
| Information Leak | Indicates an information leak. | 1 | Correlation Group 2 Scenario 2 | |
| Potential Mail Vulnerability | Indicates a potential vulnerability in the mail server. | 4 | Correlation Group 2 Scenario 2 | |
| Potential Version Vulnerability | Indicates a potential vulnerability in the STRM version. | 4 | Correlation Group 2 Scenario 2 | |
| Potential FTP Vulnerability | Indicates a potential FTP vulnerability. | 4 | Correlation Group 2 Scenario 2 | |
| Potential SSH Vulnerability | Indicates a potential SSH vulnerability. | 4 | Correlation Group 2 Scenario 2 | |
| Potential DNS Vulnerability | Indicates a potential vulnerability in the DNS server. | 4 | Correlation Group 2 Scenario 2 | |