Summary of Contents for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - MANAGING SENSOR DEVICES REV 1
Security Threat Response Manager Managing Sensor Devices Release 2008.2 R2 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 408-745-2000 www.juniper.net Part Number: 530-027301-01, Revision 1...
Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Documentation directly from the Juniper Networks support web site at https://juniper.net/support. Once you access the Juniper Networks support web site, locate the product and software release for which you require documentation. Your comments are important to us. Please send your e-mail comments about this guide or any of the Juniper Networks documentation to: documentation@juniper.net...
STRM Log Management, you can contact Customer Support as follows: Log a support request 24/7: https://juniper.net/support/ • For access to the Juniper Networks support web site, please contact Customer Support. Access Juniper Networks support and Self-Service support using e-mail: •...
Managing Sensor Devices
You can configure STRM Log Management to log and correlate events received from external sources such as security equipment (for example, firewalls and IDSs) and network equipment (for example, switches and routers). Sensor devices allow you to integrate STRM Log Management with these external devices. This chapter provides information on configuring sensor devices to the system including:
• Configuring STRM Log Management to Receive Events...
Managing Sensor Devices
A sensor device provides events to your deployment through DSMs. Using the Administration Console, you can:
• Add a sensor device. See Adding a Sensor Device.
• Edit an existing sensor device. See Editing Sensor Devices.
Table 1-1 Add a Sensor Device Parameters
Parameter - Description
Device Name - Specify the desired name of the device.
Sensor Device Type - Using the drop-down list, select the type of sensor device you wish to add.
Protocol Configuration - Using the drop-down list box, select the protocol you wish to use for this sensor device.
Table 1-1 Add a Sensor Device Parameters
Parameter - Description
Device Extension - Using the drop-down list box, select the device extension you wish to use for this sensor device. Device extensions allow you to immediately extend the parsing routines of specific devices, which ensures DSMs send valid data to STRM.
Step 5 Edit values for the parameters, as necessary:
Table 1-2 Edit a Sensor Device Parameters
Parameter - Description
Device Name - Specify the desired name of the device.
Protocol Configuration - Using the drop-down list box, select the protocol you wish to use for this sensor device.
Table 1-2 Edit a Sensor Device Parameters (continued)
Parameter - Description
Coalescing Events - Enables or disables the ability of a sensor device to coalesce (bundle) events. The default is Yes. By default, all auto detected sensor devices use the value configured in the Coalescing Events parameter in the STRM Settings window.
Enabling/Disabling Sensor Devices
To enable or disable sensor devices:
Step 1 In the Administration Console, click the SIM Configuration tab. The SIM Configuration panel appears.
Step 2 Click the Sensor Devices icon. The Sensor Devices window appears.
Select the sensor device that you wish to enable or disable.
Configuring Protocols
You can configure protocols for your sensor device by accessing Protocol Configuration or Sensor Devices in the SIM Configuration tab of the Administration Console. The following procedures provide information on configuring protocols using the Protocol Configurations icon in the SIM Configuration panel. Using the Administration Console, you can:
• Add a protocol.
If you select JDBC, go to Step
If you select JDBC:SiteProtector, go to Step
If you select JuniperNSM, go to Step
If you select LEA, go to Step
If you select SNMP, go to Step
If you select SDEE, go to Step
Step 6 If you have selected JDBC:...
Click Save. The Protocol Configurations window appears.
Step 7 If you have selected JDBC:SiteProtector:
Click Configure. The configuration window appears.
Enter values for the parameters:
- IP - Specify the IP address for the ISS SiteProtector device.
- Port - Specify the port used by the server database to listen for remote connections.
Enter values for the parameters:
- IP or Hostname - Specify the IP address or hostname of the Juniper NSM server.
- Inbound Port - Specify the port to which the Juniper NSM sends communications.
- Redirection Listen Port - Specifies the port to which traffic is forwarded.
- Use NSM Address for Event Source - Select the check box if you wish to use the Juniper NSM server’s IP address instead of the managed device’s IP address for an event source.
Enter values for the parameters:
- Server IP or Hostname - Specify the IP address or hostname of the server.
- Server Port - Specify the port used for OPSEC communication. The default is 18184.
- Use Server IP for Event Source - Select the check box if you wish to use the LEA server’s IP address instead of the managed device’s IP address for an event source.
Step 10 If you have selected SDEE:
Click Configure. The SDEE Configuration Parameters window appears.
Enter values for the following parameters:
- URL - Specify the URL required to access the device, for example, https://www.mysdeeserver.com/cgi-bin/sdee-server. You must use an http or https URL.
The Protocol Configurations window appears.
Step 11 If you have selected SNMPv2:
Click Configure. The SNMPv2 Configuration Parameters window appears.
In the Community field, specify the SNMP community, such as public. This parameter only applies if you are using SNMPv2c. The default is Public.
Click Save.
Click Save. The Protocol Configurations window appears.
Editing a Protocol
To edit an existing protocol:
Step 1 In the Administration Console, click the SIM Configuration tab. The SIM Configuration panel appears.
Step 2 Click the Protocol Configuration icon. The Protocol Configurations window appears.
Grouping Sensor Devices
You can view sensor devices based on functionality. Categorizing your sensor devices into groups allows you to efficiently view and track your devices. For example, you can view all devices by name. By default, the sensor devices interface displays all sensor devices.
Step 3 From the menu tree, select the group under which you wish to create a new group.
Note: Once you create the group, you can drag and drop menu tree items to change the organization of the tree items.
Click New Group.
Step 5 Update values for the parameters, as necessary:
• Name - Specify the name you wish to assign to the new group. The name may be up to 255 characters in length.
• Description - Specify a description you wish to assign to this group. The...
Step 4 From the Group Content Frame, select the item(s) you wish to remove.
Step 5 Click Remove. A confirmation window appears.
Step 6 Click OK.
Step 7 Close the Groups window.
DSM. Information about device extensions is accessed from the STRM Log Management Administration Console. You can also create device extension reports that can be sent to Juniper Networks Customer Support. This capability is a mechanism for reporting parsing issues and potential fixes to Juniper Networks Customer Support, so that they can be evaluated for inclusion in future DSM updates.
Creating a Device Extension Document
Before defining a device extension within STRM Log Management, you must build the extension document. The extension document is an XML document that you create or edit using any common word processing application. Multiple extension documents can be created, uploaded, and associated to various device types.
Adding a Device Extension
The Device Extensions window provides the following details for each device extension:
Table 2-1 Device Extension Parameters
Parameter - Description
Extension Name - Specifies the name of the device extension.
Description - Specifies a description for this device extension.
Enabled - Specifies whether or not the device extension is enabled.
Step 4 Enter values for the parameters:
Table 2-2 Add Device Extension Parameters
Parameter - Description
Name - Specify a name for the device extension. The name can be a maximum of 255 alphanumeric characters plus the underscore (_).
Description - Specify a description for the device extension. The description can be a maximum of 255 characters.
Editing a Device Extension
Step 7 Click Save. The new device extension is created. The Event Collector automatically detects changes and will pick up a new or revised device extension. By default, new device extensions are enabled. If you want to disable the device extension, see Enabling/Disabling a Device Extension.
Table 2-3 Edit Device Extension Parameters
Parameter - Description
Name - Specify the name for the device extension. The name can be a maximum of 255 alphanumeric characters plus the underscore (_).
Description - Specify the description for the device extension. The description can be a maximum of 255 characters.
Use Condition - Using the drop-down list box, select one of the following: Parsing Enhancement - When the DSM is unable to parse...
Deleting a Device Extension
Step 3 From the list of device extensions, select the device extension that you want to copy.
Step 4 Click Copy. The Copy a Device Extension window appears.
Step 5 Enter values for the parameters:
Table 2-4 Copy Device Extension Parameters
Parameter - Description
Name...
Juniper Networks Customer Support. Sending this information to Juniper Networks Customer Support facilitates the process of providing you with support.
To send a report of the device extension to Juniper Networks Customer Support:
Step 1 In the Administration Console, click the SIM Configuration tab. The SIM Configuration panel appears.
Reporting a Device Extension
Step 5 Enter values for the parameters:
Table 2-5 Reporting a Device Extension Parameters
Parameter - Description
Customer Name - Specify your company’s or organization’s name
Technical Contact Name - Specify the name of the technical contact
Comments - Specify any comments that may be useful in understanding the issue
Click Send.