Vis Host Discovery; Application - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REFERENCE GUIDE REV 1 Reference Manual

Event category correlation reference guide

Event Category Correlation

VIS Host Discovery

When the VIS component discovers and stores new hosts, ports, or vulnerabilities detected on the network, the VIS component generates events. These events are sent to the Event Collector to be correlated with other security events. The associated low-level event categories include:

Table 2-20 VIS Host Discovery Category

| Low Level Event Category | Description | Severity Level (0 to 10) | Event Correlation/Processing | Additional Event Processing |
|---|---|---|---|---|
| New Host Discovered | Indicates that the VIS component has detected a new host. | 3 | Correlation Group 5 Scenario 2 | |
| New Port Discovered | Indicates that the VIS component has detected a new open port. | 3 | Correlation Group 5 Scenario 2 | |
| New Vuln Discovered | Indicates that the VIS component has detected a new vulnerability. | 3 | Correlation Group 5 Scenario 2 | |
| New OS Discovered | Indicates that the VIS component has detected a new operating system on a host. | 3 | Correlation Group 5 Scenario 2 | |
| Bulk Host Discovered | Indicates that the VIS component has detected many new hosts in a short period of time. | 3 | Correlation Group 5 Scenario 2 | |

Application

The Application category indicates events relating to application activity, such as e-mail or FTP activity. The associated low-level event categories include:

Table 2-21 Application Category

| Low Level Event Category | Description | Severity Level (0 to 10) | Event Correlation/Processing | Additional Event Processing |
|---|---|---|---|---|
| Mail Opened | Indicates that an e-mail connection was established. | 1 | Correlation Group 3 Scenario 2 | |
| Mail Closed | Indicates that an e-mail connection was closed. | 1 | Correlation Group 3 Scenario 2 | |
| Mail Reset | Indicates that an e-mail connection was reset. | 3 | Correlation Group 3 Scenario 2 | |
| Mail Terminated | Indicates that an e-mail connection was terminated. | 4 | Correlation Group 3 Scenario 2 | |
| Mail Denied | Indicates that an e-mail connection was denied. | 4 | Correlation Group 3 Scenario 2 | |

STRM Event Category Correlation Reference
