System - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REFERENCE GUIDE REV 1 Reference Manual

Event category correlation reference guide
System

The system category indicates that the nature of the threat is unknown but the behavior is suspicious, including protocol anomalies that potentially indicate evasive techniques. The associated low-level event categories are listed in Table 2-15.

Table 2-15 System Categories

Low Level Event Category | Description | Severity Level (0 to 10) | Event Correlation/Processing | Additional Event Processing
--- | --- | --- | --- | ---
Unknown System Event | Indicates an unknown system event. | 1 | Correlation Group 5 Scenario 2 |
System Boot | Indicates a system boot. | 1 | Correlation Group 5 Scenario 2 |
System Configuration | Indicates a change in the system configuration. | 1 | Correlation Group 5 Scenario 2 |
System Halt | Indicates the system has been halted. | 1 | Correlation Group 5 Scenario 2 |
System Failure | Indicates a system failure. | 6 | Correlation Group 5 Scenario 2 |
System Status | Indicates any information event. ¹ | | Correlation Group 5 Scenario 2 |
System Error | Indicates a system error. | 3 | Correlation Group 5 Scenario 2 |
Misc System Event | Indicates a miscellaneous system event. | 1 | Correlation Group 5 Scenario 2 |
Service Started | Indicates system services have started. | 1 | Correlation Group 5 Scenario 2 |
Service Stopped | Indicates system services have stopped. | 1 | Correlation Group 5 Scenario 2 |
Service Failure | Indicates a system failure. | 6 | Correlation Group 5 Scenario 2 |
Successful Registry Modification | Indicates that a modification to the registry has been successful. | 1 | Correlation Group 5 Scenario 2 |
Successful Host-Policy Modification | Indicates that a modification to the host policy has been successful. | 1 | Correlation Group 5 Scenario 2 |
Successful File Modification | Indicates that a modification to a file has been successful. | 1 | Correlation Group 5 Scenario 2 |
Successful Stack Modification | Indicates that a modification to the stack has been successful. | 1 | Correlation Group 5 Scenario 2 |
Successful Application Modification | Indicates that a modification to the application has been successful. | 1 | Correlation Group 5 Scenario 2 |
Successful Configuration Modification | Indicates that a modification to the configuration has been successful. | 1 | Correlation Group 5 Scenario 2 |
Successful Service Modification | Indicates that a modification to a service has been successful. | 1 | Correlation Group 5 Scenario 2 |
Failed Registry Modification | Indicates that a modification to the registry has failed. | 1 | Correlation Group 5 Scenario 2 |

¹ Footnote marker as printed in the source table; the footnote text is not reproduced on this page.