Microsoft Windows Security Event Log - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual


MICROSOFT WINDOWS SECURITY EVENT LOG

The STRM Microsoft Windows Security Event Log DSM accepts relevant
authentication and authorization events using syslog. You can integrate Windows
server versions 2000/XP with STRM using one of the following methods:

• Use the STRM Adaptive Log Exporter. For more information on the Adaptive
  Log Exporter, see the Adaptive Log Exporter Users Guide.
• Set up the Snare Agent to forward Windows security event logs to STRM.

To set up the Snare Agent to forward Windows security event logs to STRM:

Step 1  Download and install the Snare Agent.
        Note: To download a Snare Agent, see the following web site:
        www.intersectalliance.com/projects/index.html

Step 2  In the Snare Agent interface, select Audit Configuration.
        Note: If you are using the web interface, select Network Configuration.

Step 3  In the Enter the remote IP or DNS address field, enter the IP address of
        the STRM system.
        Note: If you are using the web interface, you must enter the IP address
        of the STRM system in the Destination Snare Server address field.

Step 4  Make sure the Enable Syslog Header check box is selected.

Step 5  Click Objectives Configuration.

Step 6  Select the check boxes to determine which Windows events you wish to
        forward to STRM.

Step 7  From the menu, select Activity > Apply and restart Audit.
        Note: The value entered in the override host name detection with field
        must match the IP address or hostname assigned to the device configured
        in the STRM setup.

You are now ready to configure the sensor device within the STRM interface. To
configure STRM to receive events from a Windows security event log, you must
select the Microsoft Windows Security Event Log option from the Sensor
Device Type drop-down list box. For more information on configuring devices, see
the Managing Sensor Devices Guide.
For more information regarding your server, see your vendor documentation.
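
The following check is an added example, not part of the Juniper manual or of Snare: it inspects forwarded events captured on the collector side and reports the two misconfigurations the steps above guard against, a missing syslog header and a header host name that does not match the device configured in STRM. The message layout, the host winsrv01 and the sample events are assumptions constructed for illustration.

```python
import re

# Assumed layout (not from the manual): with "Enable Syslog Header" selected,
# the agent sends "<PRI>Mmm dd hh:mm:ss host " followed by a tab-delimited
# record whose first field is the tag "MSWinEventLog".
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<body>.*)$"
)

def check_event(line, device_id):
    """List the reasons this event would not map to the sensor device."""
    m = HEADER.match(line.rstrip("\r\n"))
    if m is None:
        return ["no syslog header"]
    problems = []
    if int(m["pri"]) > 191:  # facility*8 + severity tops out at 23*8+7
        problems.append("PRI out of range")
    if m["host"].lower() != device_id.lower():
        problems.append("host %r does not match device %r" % (m["host"], device_id))
    if m["body"].split("\t")[0] != "MSWinEventLog":
        problems.append("payload is not an MSWinEventLog record")
    return problems

def audit(lines, device_id):
    """Map each failing line number (1-based) to its list of problems."""
    report = {}
    for n, line in enumerate(lines, 1):
        problems = check_event(line, device_id)
        if problems:
            report[n] = problems
    return report

# Constructed sample events (hypothetical host, user and counters).
RECORD = ("MSWinEventLog\t1\tSecurity\t4211\tTue Feb 10 09:15:02 2009\t528\t"
          "Security\tjdoe\tUser\tSuccess Audit\tWINSRV01\tLogon/Logoff\t\t"
          "Successful Logon\t4100")
SAMPLES = [
    "<13>Feb 10 09:15:02 winsrv01 " + RECORD,               # as configured
    RECORD,                                                  # header disabled
    "<13>Feb 10 09:15:07 WINSRV01.corp.example " + RECORD,   # override mismatch
]

if __name__ == "__main__":
    for n, problems in audit(SAMPLES, "winsrv01").items():
        print("line %d: %s" % (n, "; ".join(problems)))
```

The second argument to audit is whatever IP address or hostname was assigned to the device in the STRM setup.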