Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 191

Strm administration guide

Creating a Rule

Table 9-1 Functions Group (continued)

Test: Multi-Event Counter Function

Description: Allows you to test the number of events from configured conditions, such as, source IP address. You can also use building blocks and other rules to populate this test.

Default Test Name: when a(n) IP address/Port/QID/Event/Device/Category {default: anything} emitting/receiving more than 5 {default} of these rules across more than 5 {default} IP address/Port/QID/Event/Device/Category {default: destination IP}, over 10 {default} minutes

Parameters: Configure the following parameters:

IP address/Port/QID/Event/Device/Category - Specify the source you wish this test to consider. The options are: anything, a source IP, a source Port, a QID, Device Event ID, or a Device.

more than - Specify if you wish this test to consider more than or exactly the number of rules.

5 - Specify the number of rules you wish this test to consider.

these rules - Specify the rules you wish this test to consider.

more than - Specify if you wish this test to consider more than or exactly the number of destination IP address(es), destination port(s), QID(s), Device Event ID(s), or Device(s).

5 - Specify the number of IP addresses, ports, QIDs, events, devices, or categories you wish this test to consider.

IP address/Port/QID/Event/Device/Category - Specify the destination you wish this test to consider. The options are: anything, destination IP(s), destination port(s), QID(s), device event ID(s), or device(s).

10 - Specify the time value you wish to assign to this test.

minutes - Specify the time measurement value, seconds, minutes, hours, or days that you wish to apply to this test.
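
One way to read the default test name above, as an added example that is not part of the Juniper manual or STRM's own code: a sliding-window counter that fires when a source produces more than 5 matches of the selected rules across more than 5 distinct destination IPs within 10 minutes. The event fields, class and function names, the rule name and the sample events are constructed, and counting rule matches (rather than distinct rules) is an assumption about how the test counts.

```python
from collections import deque
from datetime import datetime, timedelta

def compare(value, mode, threshold):
    # The test offers two comparison modes: "more than" or "exactly".
    return value > threshold if mode == "more than" else value == threshold

class MultiEventCounter:
    """Hypothetical model of the test; field and parameter names are assumptions."""
    def __init__(self, rules, source="src_ip", across="dst_ip",
                 rule_mode="more than", rule_count=5,
                 across_mode="more than", across_count=5,
                 window=timedelta(minutes=10)):
        self.rules, self.source, self.across = set(rules), source, across
        self.rule_mode, self.rule_count = rule_mode, rule_count
        self.across_mode, self.across_count = across_mode, across_count
        self.window = window
        self.seen = {}  # source value -> deque of (time, across value)

    def observe(self, event):
        """Feed one rule match; return True when the test is satisfied."""
        if event["rule"] not in self.rules:
            return False
        q = self.seen.setdefault(event[self.source], deque())
        q.append((event["time"], event[self.across]))
        while event["time"] - q[0][0] > self.window:  # expire old matches
            q.popleft()
        distinct = {value for _, value in q}
        return (compare(len(q), self.rule_mode, self.rule_count) and
                compare(len(distinct), self.across_mode, self.across_count))

def fired_sources(events, **params):
    # Replay events in time order and collect every source that satisfied the test.
    counter = MultiEventCounter({"Login Failure"}, **params)
    ordered = sorted(events, key=lambda e: e["time"])
    return {e[counter.source] for e in ordered if counter.observe(e)}

# Constructed sample data: each event is one match of the constructed rule.
T0 = datetime(2008, 1, 1, 12, 0)
def ev(minute, src, dst):
    return {"time": T0 + timedelta(minutes=minute), "rule": "Login Failure",
            "src_ip": src, "dst_ip": dst}

SAMPLE = (
    [ev(i, "10.0.0.5", f"192.0.2.{i}") for i in range(6)]        # 6 destinations in 5 minutes
    + [ev(i, "10.0.0.6", "192.0.2.1") for i in range(6)]         # 6 matches, 1 destination
    + [ev(5 * i, "10.0.0.7", f"192.0.2.{i}") for i in range(6)]  # 6 destinations over 25 minutes
)
```

With the defaults only 10.0.0.5 satisfies the test: 10.0.0.6 never exceeds the destination count, and 10.0.0.7 never has more than three matches inside any 10-minute window.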