High-Level Event Categories

The high-level event categories include:

Table 2-1 High-Level Event Categories

Category: Description

Recon: Events relating to scanning and other techniques used to identify network resources, for example, network or host port scans.

DoS: Events relating to Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks against services or hosts, for example, brute force network DoS attacks.

Authentication: Events relating to authentication controls, group, or privilege change, for example, log in or log out.

Access: Events resulting from an attempt to access network resources, for example, firewall accept or deny.

Exploit: Events relating to application exploits and buffer overflow attempts, for example, buffer overflow or web application exploits.

Malware: Events relating to viruses, trojans, back door attacks, or other forms of hostile software. This may include a virus, trojan, malicious software, or spyware.

Suspicious Activity: The nature of the threat is unknown, but the behavior is suspicious, including protocol anomalies that potentially indicate evasive techniques, for example, packet fragmentation or known IDS evasion techniques.

System: Events related to system changes, software installation, or status messages.

Policy: Events regarding corporate policy violations or misuse.

CRE: Events generated from an offense or event rule. For more information on creating custom rules, see the STRM Administration Guide.

Potential Exploit: Events relating to potential application exploits and buffer overflow attempts.

SIM Audit: Events relating to user interaction with the Console and STRM Administration Console.

VIS Host Discovery: Events relating to the host, ports, or vulnerabilities that the VIS component discovers.

Application: Events relating to application activity.
STRM Event Category Correlation Reference
About Event Category Correlation
3