Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 148

Strm administration guide

Managing Views
About Global Views
Each view is assigned a weight. Configured for traffic alerting purposes, weight is
the numeric value assigned to a flow property. STRM adds the weight value to the
sentry flow property weight value and assigns a sequence of ranking events. An
alert may be signalled when STRM interprets the combination of the numerical
weight values. For more information on weights, see
Sentries.
A view is a property of flows divided into the following:
• Group - A collection of objects configured to display the network data that
  appears on the graphs in a specific view.
• Object - Assigned flow properties configured to identify specific traffic.
• Layer - Property used to count traffic.
You can create a Custom View to identify more complex traffic patterns. You must
configure Custom Views with equations that identify your network activity and
match the properties built into an equation. You can create Custom Views to:
• Identify protocol misuse from any geographic location.
• Identify traffic from partner sites using applications you have deemed
  out-of-policy.
• Create an alternate network hierarchy.
You can also use equations to identify network traffic flows. When traffic flows
match the assigned property-set, STRM identifies and displays the traffic on the
graphs, enabling you to monitor and investigate the activity. An equation is
constructed from the following:
• Objects - Network objects that are currently present on your network. When
  choosing an object, you can select the network object, or any one of the leaf
  nodes that is associated with the object. The selected object (or leaf node)
  becomes part of an equation.
• Elements - Tests of specific flow properties, such as an IP address, protocol,
  or byte count. These tests specify the criteria a traffic flow must match to
  be identified. Traffic flows matching the assigned criteria are displayed when
  viewing the Custom View on the STRM graphs.
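
The following added example (not from the STRM manual, and not STRM's equation syntax) models how an equation built from objects and elements selects flows for a Custom View. The class and function names, the flow record fields, the address ranges and the AND semantics between terms are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class NetObject:
    """A network object; leaves are the leaf nodes beneath it (assumed model)."""
    name: str
    cidrs: list = field(default_factory=list)
    leaves: list = field(default_factory=list)

    def contains(self, ip):
        addr = ipaddress.ip_address(ip)
        if any(addr in ipaddress.ip_network(c) for c in self.cidrs):
            return True
        return any(leaf.contains(ip) for leaf in self.leaves)

OPS = {"eq": lambda a, b: a == b, "gt": lambda a, b: a > b, "lt": lambda a, b: a < b}

def element(prop, op, value):
    """An element: a test of one flow property (protocol, byte count, ...)."""
    if op not in OPS:
        raise ValueError(f"unsupported operator: {op}")
    return lambda flow: prop in flow and OPS[op](flow[prop], value)

def matches(flow, objects, elements):
    """Assumed semantics: every object must contain the flow's source or
    destination address, and every element test must pass (logical AND)."""
    touches = all(o.contains(flow["src"]) or o.contains(flow["dst"]) for o in objects)
    return touches and all(test(flow) for test in elements)

def custom_view(flows, objects, elements):
    """Return the indexes of the flows the view would display."""
    return [i for i, f in enumerate(flows) if matches(f, objects, elements)]

# Constructed sample data (documentation address ranges, not real partners).
partner_a = NetObject("PartnerA", cidrs=["198.51.100.0/24"])
partner_b = NetObject("PartnerB", cidrs=["203.0.113.0/24"])
partners = NetObject("Partners", leaves=[partner_a, partner_b])
FLOWS = [
    {"src": "10.1.2.3", "dst": "198.51.100.7", "protocol": "tcp", "bytes": 52000},
    {"src": "203.0.113.9", "dst": "10.1.2.8", "protocol": "tcp", "bytes": 9000},
    {"src": "10.1.2.3", "dst": "198.51.100.7", "protocol": "udp", "bytes": 52000},
    {"src": "10.1.2.3", "dst": "192.0.2.50", "protocol": "tcp", "bytes": 52000},
    {"src": "10.1.2.3", "dst": "198.51.100.7", "protocol": "tcp", "bytes": 300},
]
ELEMENTS = [element("protocol", "eq", "tcp"), element("bytes", "gt", 1000)]

if __name__ == "__main__":
    print("Partners object:", custom_view(FLOWS, [partners], ELEMENTS))
    print("PartnerA leaf:  ", custom_view(FLOWS, [partner_a], ELEMENTS))
```

Selecting the parent object matches traffic to either partner, while selecting a single leaf node narrows the view to that partner only.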
You can access Global Views using the Global Views menu option in the Network
Surveillance interface. Configurable Global Views include:
• Local Networks View - Displays traffic by network objects.
• Ports View - Displays traffic originating from identified destination ports.
• Applications View - Displays traffic originating from the application layer by the
  client connection and the server connection.
• Remote Networks View - Displays user defined traffic originating from named
  remote networks.
STRM Administration Guide
Chapter 7 Managing
