Creating A Sentry Package; Editing A Sentry Package - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual

132 M S
ANAGING ENTRIES
Step 8
Step 9
Step 10
Managing
Packages
Creating a Sentry
Package
Step 1
Step 2
Step 3
Step 4
Table 7-4 Default Variables (continued)
Parameter Description
$$LargeWindow Specify a period of time you wish to the system to monitor flows
in your network. This allows the system a basis of comparison for
traffic over an smaller period of time. If the large window and
small window values exceed a certain threshold, the sentry
generates an alert.
$$Upperbound/ For each threshold, specify the number that must be exceeded
Lowerbound for this sentry to generate an alert. This variable is for threshold
sentries.
$$AutoLearnTime Specify the time stamp of the time when you wish the system to
stop learning. This variable is for threshold sentries.
Click Save.
Close the Sentries window.
The STRM Administration Console appears.
From the menu, select Configurations > Deploy configuration changes.
Sentries contain packages. You can create packages to reuse with multiple
sentries. Using a saved package allows you to apply the same objects to multiple
areas of your network. For example, you can create a package to monitor for
network misuse. You can use the saved package to apply the same objects to all
areas of your network.
You must apply a package to a sentry through the sentry panel. For more
information, see, Editing Sentry
packages. You must apply these packages to the appropriate area of your network.
This section includes:
•

Creating a Sentry Package

Editing a Sentry Package

•
To create a new sentry package:
In the Administration Console, click the System Configuration tab.
The System Configuration panel appears.
Click the Sentries icon.
The Sentries window appears.
From the View By drop-down list box, select Objects.
The Sentry Objects menu tree appears.
From the menu tree, select Sentry Objects > Packages.
STRM Administration Guide
Details. By default, STRM does apply these