Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 203

Creating a Rule

Table 9-6 Event Property Tests

Each entry lists the test, its description, the default test name as it appears in the rule wizard, and the parameters you configure.

Local Network Object
  Description: Valid when the event occurs in the specified network.
  Default test name: when the local network is one of the following networks
  Parameters: one of the following - Specify the areas of the network you wish this test to apply to.

IP Protocol
  Description: Valid when the IP protocol of the event is one of the configured protocols.
  Default test name: when the IP protocol is one of the following protocols
  Parameters: protocols - Specify the protocols you wish to add to this test.

Event Payload Search
  Description: Each event contains a copy of the original unnormalized event. This test is valid when the entered search string is included anywhere in the event payload.
  Default test name: when the Event Payload contains this string
  Parameters: this string - Specify the text string you wish to include for this test.

QID of Event
  Description: A QID is a unique identifier for events. This test is valid when the event identifier is a configured QID.
  Default test name: when the event QID is one of the following QIDs
  Parameters: QIDs - Use one of the following options to locate QIDs:
    - Select the Browse By Category option and, using the drop-down list boxes, select the high-level and low-level category QIDs you wish to locate.
    - Select the QID Search option and enter the QID or name you wish to locate. Click Search.

Attack Context
  Description: Attack Context is the relationship between the attacker and the target, for example, a local attacker to a remote target. Valid if the attack context is one of the following: Local to Local, Local to Remote, Remote to Local, Remote to Remote.
  Default test name: when the attack context is this context
  Parameters: this context - Specify the context you wish this test to consider. The options are:
    - Local to Local
    - Local to Remote
    - Remote to Local
    - Remote to Remote

Event Category
  Description: Valid when the event category is the same as the configured category, for example, Denial of Service (DoS) attack.
  Default test name: when the event category for the event is one of the following categories
  Parameters: categories - Specify the event category you wish this test to consider. For more information on event categories, see the Event Category Correlation Reference Guide.

Severity
  Description: Valid when the event severity is greater than, less than, or equal to the configured value. The default is 5.
  Default test name: when the event severity is greater than 5 {default}
  Parameters: Configure the following parameters:
    - greater than - Specify whether the severity is greater than, less than, or equal to the configured value.
    - this value - Specify the severity index, which is a value from 0 to 10.
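The tests in Table 9-6 are the building blocks a rule is assembled from. The following Python is an added illustration of how such tests behave when combined, not STRM code and not how STRM implements them internally. Everything in it is assumed for the example: the event field names, the local network hierarchy expressed as a CIDR-to-name map (used to decide whether each endpoint is Local or Remote for the Attack Context test), the reading that an event "occurs in" a network object when either endpoint belongs to it, AND-combination of a rule's tests, and the constructed sample events with placeholder QIDs.

```python
import ipaddress
from dataclasses import dataclass

# Assumed local network hierarchy: CIDR -> network object name. Anything
# outside these ranges is treated as Remote for the Attack Context test.
LOCAL_NETWORKS = {
    "10.0.0.0/8": "Corp-Internal",
    "192.168.10.0/24": "DMZ",
}


@dataclass
class Event:
    """Constructed normalized event; field names are this example's, not STRM's."""
    src_ip: str
    dst_ip: str
    protocol: str   # IP protocol name, e.g. "tcp", "udp", "icmp"
    payload: str    # copy of the original, unnormalized event text
    qid: int        # event identifier (placeholder values below, not real QIDs)
    category: str   # event category, e.g. "DoS"
    severity: int   # severity index, 0..10


def network_object(ip):
    """Name of the local network object containing ip, or None if remote."""
    addr = ipaddress.ip_address(ip)
    for cidr, name in LOCAL_NETWORKS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def attack_context(ev):
    """Derive 'Local to Remote' etc. from which endpoints sit in a local network."""
    src = "Local" if network_object(ev.src_ip) else "Remote"
    dst = "Local" if network_object(ev.dst_ip) else "Remote"
    return f"{src} to {dst}"


# Each builder returns a predicate over an Event, mirroring one table row.
def local_network_in(*names):
    # Assumption: an event "occurs in" a network if either endpoint is in it.
    return lambda ev: bool({network_object(ev.src_ip), network_object(ev.dst_ip)} & set(names))


def ip_protocol_in(*protocols):
    wanted = {p.lower() for p in protocols}
    return lambda ev: ev.protocol.lower() in wanted


def payload_contains(text):
    # Substring match anywhere in the unnormalized payload (case-sensitive here).
    return lambda ev: text in ev.payload


def qid_in(*qids):
    return lambda ev: ev.qid in set(qids)


def attack_context_is(context):
    valid = {"Local to Local", "Local to Remote", "Remote to Local", "Remote to Remote"}
    if context not in valid:
        raise ValueError(f"unknown attack context: {context}")
    return lambda ev: attack_context(ev) == context


def category_in(*categories):
    return lambda ev: ev.category in set(categories)


def severity_test(comparison="greater than", value=5):
    """Severity index is 0..10; the table's default test is 'greater than 5'."""
    if not 0 <= value <= 10:
        raise ValueError("severity value must be 0..10")
    ops = {
        "greater than": lambda s: s > value,
        "less than": lambda s: s < value,
        "equal to": lambda s: s == value,
    }
    return lambda ev: ops[comparison](ev.severity)


def rule_matches(tests, ev):
    """Assumption: a rule's tests are ANDed; every test must be valid to fire."""
    return all(test(ev) for test in tests)


def matching_events(tests, events):
    return [ev for ev in events if rule_matches(tests, ev)]


# Constructed sample events (QIDs are placeholders, not real QIDs).
SAMPLE_EVENTS = [
    Event("203.0.113.7", "192.168.10.5", "tcp", "SYN flood against web farm", 1001, "DoS", 8),
    Event("10.1.2.3", "10.1.2.4", "tcp", "user alice login success", 1002, "Authentication", 3),
    Event("10.1.2.3", "198.51.100.9", "udp", "outbound dns query", 1003, "Recon", 5),
]

# A rule built from three table rows: Remote to Local, category DoS, severity > 5.
DOS_RULE = [
    attack_context_is("Remote to Local"),
    category_in("DoS"),
    severity_test("greater than", 5),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(attack_context(ev), "|", ev.payload)
    print("DoS rule fired on QIDs:", [ev.qid for ev in matching_events(DOS_RULE, SAMPLE_EVENTS)])
```

Two details worth noticing when tuning rules against the real product: the default severity test is "greater than 5", so an event whose severity is exactly 5 does not match it (use "equal to" or lower the value if it should), and the attack context is only as accurate as the local network hierarchy, since any address not covered by a defined network object is classed as Remote.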