Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 194

STRM Administration Guide

186 Configuring Rules
Table 9-1 Functions Group (continued)

Test: Multi-Rule Function
Description: You can also use building blocks or existing rules to populate this test. Allows you to detect the selected rules with same source information across more than the configured number of destinations within a configured time period.
Default Test Name: when any of these rules with the same IP address/Port/QID/Event/Device/Category more than 5 times, across more than 5 IP address/Port/QID/Event/Device/Category within 10 minutes
Parameters: Configure the following parameters:
  rules - Specify the rules you wish this test to consider.
  IP address/Port/QID/Event/Device/Category - Specify whether you wish this rule to consider a source IP address, source port, QID, device event ID, device, or category.
  5 - Specify the number of rules you wish this test to consider.
  more than - Specify if you wish this test to consider more than or exactly the number of destination IP address(es), destination port(s), QID(s), Device Event ID(s), or Device(s).
  5 - Specify the number of IP addresses, ports, QIDs, events, devices, or categories you wish this test to consider.
  IP address/Port/QID/Event/Device/Category - Specify the destination you wish this test to consider. The options are: anything, destination IP(s), destination port(s), QID(s), Device Event ID(s), or Device(s).
  10 - Specify the time value you wish to assign to this test.
  minutes - Specify the time measurement value, seconds, minutes, hours, or days that you wish to apply to this test.

The Offense functions include:

Table 9-2 Offense Function Group

Test: Multi-Rule Offense Function
Description: Allows you to use saved building blocks and other rules to populate this test. The offense has to match either all or any of the selected rules. If you wish to create an OR statement for this rule test, specify the any parameter.
Default Test Name: when the offense matches any of the following offense rules.
Parameters: Configure the following parameters:
  any - Specify either any or all of the configured rules apply to this test.
  rules - Specify the rules you wish this test to consider.
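
The following is an added illustration, not STRM code and not part of the guide, of how the Multi-Rule Function test in Table 9-1 evaluates with its default values, narrowed to source IP address as the shared property and destination IP address as the counted one. It assumes "more than 5 times" counts rule matches inside the time window; the function name, tuple layout, rule names and addresses are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def multi_rule_test(matches, rules, min_count=5, min_dests=5,
                    window=timedelta(minutes=10), exactly=False):
    """Return {source_ip: time the test first fired}.

    matches: iterable of (timestamp, rule_name, source_ip, destination_ip),
    one tuple per event that already matched a rule or building block.
    """
    recent = defaultdict(deque)   # source_ip -> (timestamp, dest_ip) inside window
    fired = {}
    for ts, rule, src, dst in sorted(matches):
        if rule not in rules:                 # only the rules selected for this test
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:          # age out matches older than the window
            q.popleft()
        dests = len({d for _, d in q})
        # "more than" versus "exactly" applies to the destination count
        dests_ok = dests == min_dests if exactly else dests > min_dests
        if src not in fired and len(q) > min_count and dests_ok:
            fired[src] = ts
    return fired

# Constructed sample data; rule names and addresses are hypothetical.
T0 = datetime(2008, 1, 1, 12, 0)

def match(minute, rule, src, dst):
    return (T0 + timedelta(minutes=minute), rule, src, dst)

SAMPLE = (
    # 6 matches to 6 destinations in 5 minutes: fires on the 6th match
    [match(i, "rule_a", "10.0.0.5", f"192.0.2.{i}") for i in range(6)]
    # 8 matches but only 2 destinations: never fires with the defaults
    + [match(i, "rule_b", "10.0.0.9", f"192.0.2.{i % 2}") for i in range(8)]
    # 6 destinations spread over 30 minutes: the window never holds enough
    + [match(i * 6, "rule_a", "10.0.0.7", f"198.51.100.{i}") for i in range(6)]
    # a rule that is not selected for the test is ignored
    + [match(i, "rule_z", "10.0.0.3", f"203.0.113.{i}") for i in range(6)]
)

if __name__ == "__main__":
    for src, ts in multi_rule_test(SAMPLE, {"rule_a", "rule_b"}).items():
        print(f"{ts:%H:%M} test fired for source {src}")
```

The second and third sources show why the test needs both thresholds: a high match count against few destinations, or many destinations spread beyond the window, does not satisfy it.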