Universal Dsm - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual


84 UNIVERSAL DSM
STRM collects and correlates events from network infrastructure and security
devices. Once the events are collected and before the correlation can begin, the
individual events from these devices must be properly parsed to determine the
event name, IP addresses, protocol, and ports. For common network devices
(such as NetScreen Firewalls), predefined DSMs have been engineered into
STRM to properly parse all event messages from the respective devices. Once the
events from a device have been parsed by the DSM, STRM can continue to
correlate events into offenses.
This chapter includes information on configuring a Universal DSM including:
Using Device Extensions
Universal DSM Example
Building the Universal DSM XML Configuration File
Configuring the Universal DSM within STRM
If an enterprise network has one or more network or security devices that are not
officially supported (no specific DSM for the device exists), you can use the
Universal DSM. The Universal DSM allows you to forward the following events
and messages from unsupported devices to STRM for correlation:
Syslog
SNMPv1
SNMPv2
SNMPv3
SDEE
JDBC
LEA
Juniper NSM
The administrator then defines the Universal DSM, using regular expressions in
an XML definition file, to parse and categorize the incoming events, providing
the exact same functionality as supported DSMs.
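
The following added example (not taken from the manual, and not the STRM XML definition format) shows the kind of regular-expression parsing a Universal DSM definition has to express: extracting the event name, IP addresses, protocol, and ports from a raw syslog line. The `acmefw` log format, the field names, and the sample events are constructed assumptions for illustration.

```python
import ipaddress
import re

# Constructed syslog lines from a hypothetical unsupported firewall ("acmefw").
SAMPLE_EVENTS = [
    "<134>Oct 12 08:15:02 fw01 acmefw: action=DENY proto=TCP src=10.1.4.20:51544 dst=192.0.2.10:22",
    "<134>Oct 12 08:15:03 fw01 acmefw: action=ALLOW proto=udp src=10.1.4.21:53211 dst=192.0.2.53:53",
    "<134>Oct 12 08:15:04 fw01 acmefw: link eth0 up",
    "<134>Oct 12 08:15:05 fw01 acmefw: action=DENY proto=TCP src=10.1.4.999:1 dst=192.0.2.10:70000",
]

# One pattern per field, so each field is matched independently of field order.
FIELD_PATTERNS = {
    "event_name": re.compile(r"\baction=(\w+)"),
    "protocol": re.compile(r"\bproto=(\w+)"),
    "source": re.compile(r"\bsrc=([0-9.]+):(\d+)"),
    "destination": re.compile(r"\bdst=([0-9.]+):(\d+)"),
}

def _endpoint(match):
    """Validate a captured ip:port pair; raise ValueError if either part is invalid."""
    ip = str(ipaddress.ip_address(match.group(1)))
    port = int(match.group(2))
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ip, port

def parse_event(line):
    """Return the normalized fields, or None when the line cannot be parsed."""
    matches = {name: rx.search(line) for name, rx in FIELD_PATTERNS.items()}
    if not all(matches.values()):
        return None  # a required field is missing from this message
    try:
        src_ip, src_port = _endpoint(matches["source"])
        dst_ip, dst_port = _endpoint(matches["destination"])
    except ValueError:
        return None  # the regex matched, but the value is not a valid address or port
    return {
        "event_name": matches["event_name"].group(1).upper(),
        "protocol": matches["protocol"].group(1).upper(),
        "src_ip": src_ip, "src_port": src_port,
        "dst_ip": dst_ip, "dst_port": dst_port,
    }

if __name__ == "__main__":
    for line in SAMPLE_EVENTS:
        print(parse_event(line))
```

The last two sample lines show why pattern matching alone is not enough: one lacks the expected fields entirely, and the other matches every pattern but carries an impossible address and port, so both are rejected rather than normalized.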