2 EVENT CATEGORY CORRELATION
in the Ariel database and, in some circumstances, performs real-time flow analysis to determine the appropriate routing of the event.

For example, Figure 2-1 provides a representation of the process within the Event Processor for processing events. When the Event Processor receives an event, the Category Router determines the appropriate Correlation Group, and that group's tests are applied to the event. Once the tests are complete, the event is passed through the Custom Rules Engine to determine which custom rules apply to it. The event is then passed to the Ariel database for storage and to the Flow Context and Routing components, which determine whether real-time flow analysis should be performed and whether the event should automatically generate a new offense or become part of an existing offense. If it should, the event is sent to the Magistrate. If real-time flow analysis is requested for the event, a request is sent to the Classification Engine to determine routing.

[Figure 2-1 shows the following components: Event Collector (Events) -> Event Processor: Category Router -> Correlation Group 1, Correlation Group 2, Correlation Group 3, Correlation Group 4, Correlation Group 5 -> Custom Rules Engine -> Ariel DB Storage -> Flow Context and Routing -> Magistrate; Classification Engine; External Event exported to: E-mail, Syslog, SNMP.]
Figure 2-1 Event Category Correlation Process

This section includes:
• High-Level Event Categories
• Event Correlation Processing
• Additional Event Processing
• STRM Event Category Correlation Reference
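The following is an added toy model of the pipeline that Figure 2-1 and the paragraph above describe; it is illustration code written for this page, not STRM's own implementation. The category names, the event fields, the tests inside each correlation group, the custom rules, the "source IP" key used to attach an event to an existing offense, and the rule that a matched port-scan test requests flow analysis are all assumptions made for the example. The sample events are constructed, not real log data.

```python
"""Toy model of the STRM Event Processor stages shown in Figure 2-1.

Added example, not STRM code. Every name, mapping and test below is an
assumption made to illustrate the stage order: Category Router ->
Correlation Group tests -> Custom Rules Engine -> Ariel storage ->
Flow Context and Routing (offense decision, Magistrate) and, when
requested, a Classification Engine request for real-time flow analysis.
"""
from dataclasses import dataclass, field


@dataclass
class Event:
    source_ip: str
    category: str                      # high-level category (assumed names)
    payload: str
    matched_tests: list = field(default_factory=list)
    matched_rules: list = field(default_factory=list)


# Category Router: high-level category -> correlation group (assumed mapping)
CATEGORY_ROUTER = {
    "Authentication": "Group 1",
    "Recon": "Group 2",
    "Exploit": "Group 3",
}

# Correlation groups: lists of (test name, predicate) pairs (assumed tests)
CORRELATION_GROUPS = {
    "Group 1": [("failed-login", lambda e: "failure" in e.payload.lower())],
    "Group 2": [("port-scan", lambda e: "scan" in e.payload.lower())],
    "Group 3": [("exploit-attempt", lambda e: True)],
}

# Tests whose match requests real-time flow analysis (assumed)
FLOW_ANALYSIS_TESTS = {"port-scan"}

# Custom Rules Engine: rules evaluated after the group tests (assumed rules)
CUSTOM_RULES = [
    ("auth-failure-from-external",
     lambda e: "failed-login" in e.matched_tests and not e.source_ip.startswith("10.")),
    ("any-exploit", lambda e: "exploit-attempt" in e.matched_tests),
]


class EventProcessor:
    def __init__(self):
        self.ariel = []                  # stands in for Ariel DB storage
        self.offenses = {}               # Magistrate view: offense id -> events
        self.offense_index = {}          # source_ip -> offense id (assumed key)
        self.classification_requests = []  # source IPs sent to Classification Engine

    def process(self, event):
        """Run one event through every stage; return the routing decision."""
        # 1. Category Router selects the correlation group; its tests run.
        group = CATEGORY_ROUTER.get(event.category)
        for name, test in CORRELATION_GROUPS.get(group, []):
            if test(event):
                event.matched_tests.append(name)
        # 2. Custom Rules Engine decides which custom rules apply.
        for name, rule in CUSTOM_RULES:
            if rule(event):
                event.matched_rules.append(name)
        # 3. Every event is stored, whether or not anything matched.
        self.ariel.append(event)
        # 4. Flow Context and Routing: new offense, existing offense, or none.
        decision = "stored"
        if event.matched_rules:
            key = event.source_ip
            if key in self.offense_index:
                oid = self.offense_index[key]
                decision = f"added to offense {oid}"
            else:
                oid = len(self.offenses) + 1
                self.offense_index[key] = oid
                self.offenses[oid] = []
                decision = f"new offense {oid}"
            self.offenses[oid].append(event)   # handed to the Magistrate
        # 5. Real-time flow analysis request goes to the Classification Engine.
        if FLOW_ANALYSIS_TESTS.intersection(event.matched_tests):
            self.classification_requests.append(event.source_ip)
        return decision


def sample_events():
    """Constructed sample input (not real log data)."""
    return [
        Event("203.0.113.5", "Authentication", "login failure for admin"),
        Event("203.0.113.5", "Authentication", "login failure for root"),
        Event("10.0.0.7", "Authentication", "login failure for bob"),
        Event("198.51.100.9", "Recon", "TCP scan against 10.0.0.1"),
        Event("203.0.113.5", "Exploit", "overlong URI in request"),
        Event("192.0.2.1", "Unknown", "noise"),
    ]


def run_pipeline(events):
    """Process events in order; return the processor and per-event decisions."""
    ep = EventProcessor()
    return ep, [ep.process(e) for e in events]


if __name__ == "__main__":
    processor, decisions = run_pipeline(sample_events())
    for ev, d in zip(sample_events(), decisions):
        print(f"{ev.source_ip:14} {ev.category:15} -> {d}")
    print("flow analysis requested for:", processor.classification_requests)
```

Running the sample shows the two routing outcomes the text distinguishes: the first external authentication failure opens a new offense, later events from the same source (including the exploit event, which matched a different correlation group) are attached to that existing offense, an internal failure and an uncategorised event are stored without an offense, and only the reconnaissance event triggers a Classification Engine request.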
Source document: Security Threat Response Manager 2008.2 Event Category Correlation Reference Guide, Rev 1.