STRM Event Category Correlation Reference: Suspicious Activity
(Security Threat Response Manager 2008.2, Event Category Correlation Reference Guide, Rev 1)

Table 2-14 Suspicious Categories (continued)

| Low Level Event Category | Description | Severity Level (0 to 10) | Event Correlation/Processing | Additional Event Processing |
|---|---|---|---|---|
| Suspicious ICMP Type | Indicates a potentially invalid ICMP type has been detected. | 4 | Correlation Group 2 Scenario 2 | |
| Suspicious ICMP Code | Indicates a potentially invalid ICMP code has been detected. | 4 | Correlation Group 2 Scenario 2 | |
| TCP port 0 | Indicates a TCP packet using a reserved port (0) for source or destination. | 4 | Correlation Group 2 Scenario 2 | |
| UDP port 0 | Indicates a UDP packet using a reserved port (0) for source or destination. | 4 | Correlation Group 2 Scenario 2 | |
| Hostile IP | Indicates the use of a known hostile IP address. | 4 | Correlation Group 2 Scenario 2 | |
| Watch list IP | Indicates the use of an IP address from a watch list of IP addresses. | 4 | Correlation Group 2 Scenario 2 | |
| Known offender IP | Indicates the use of an IP address of a known offender. | 4 | Correlation Group 2 Scenario 2 | |
| RFC 1918 (private) IP | Indicates the use of an IP address from a private IP address range. | 4 | Correlation Group 2 Scenario 2 | |
| Potential VoIP Vulnerability | Indicates a potential VoIP vulnerability. | 4 | Correlation Group 2 Scenario 2 | |
| Blacklist Address | Indicates that an IP address is on the black list. | 8 | Correlation Group 2 Scenario 2 | |
| Watchlist Address | Indicates that the IP address is on the list of IP addresses being monitored. | 7 | Correlation Group 2 Scenario 2 | |
| Darknet Address | Indicates that the IP address is part of a darknet. | 5 | Correlation Group 2 Scenario 2 | |
| Botnet Address | Indicates that the address is part of a botnet. | 7 | Correlation Group 2 Scenario 2 | |
| Suspicious Address | Indicates that the IP address should be monitored. | 5 | Correlation Group 2 Scenario 2 | |