Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 195

STRM Administration Guide

Creating a Rule

Step 9: In the groups area, select the check box(es) of the groups to which you wish to assign this rule. For more information on grouping rules, see Grouping Rules.

Step 10: In the Notes field, enter any notes you wish to include for this rule. Click Next.

The Rule Responses window appears, which allows you to configure the action STRM takes when the event sequence is detected.

Step 11: Choose one of the following:

a. If you are configuring an Event Rule:

Table 9-3 Event Rule Response Parameters

Parameter: Severity
Description: Select the check box if you wish this rule to set or adjust severity to the configured level. Once selected, you can configure the desired level.

Parameter: Credibility
Description: Select the check box if you wish this rule to set or adjust credibility to the configured level. Once selected, you can configure the desired level.

Parameter: Relevance
Description: Select the check box if you wish this rule to set or adjust relevance to the configured level. Once selected, you can configure the desired level.

Parameter: Ensure the detected event is part of an offense.
Description: Select the check box if you wish the event to be forwarded to the Magistrate component. If no offense has been created in the Offense Manager, a new offense is created. If an offense exists, this event will be added. If you select the check box, the following options appear:
- Include detected events from this attacker from this point forward, for second(s), in the offense - Select the check box and configure the number of seconds you wish to include detected events from the attacker in the Offense Manager.
- Perform realtime flow analysis on flows between the attacker and target for seconds(s) - Select the check box and configure the number of seconds you wish to perform realtime flow analysis on flows between the attacker and this target.

Parameter: Drop the detected event
Description: Select the check box to force an event, which would normally be sent to the Magistrate component, to be sent to the Aerial database for reporting or searching. This event does not appear in the Offense Manager.
