Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 205
Strm administration guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2:
- Manual (228 pages) ,
- Getting started (14 pages) ,
- Release note (11 pages)
Table of Contents
Advertisement
Table 9-6 Event Property Tests (continued)
Test
Description
False Positive
When you tune false
Tuning
positive events in the Event
Viewer, the resulting tuning
values appear in this test. If
you wish to remove a false
positive tuning, you can edit
this test to remove the
necessary tuning values.
Username
Valid when the configured
username is associated with
an event.
Table 9-7 IP / Port Test Group
Test
Description
Source Port
Valid when the source port
of the event is one of the
configured source port(s).
Destination Port Valid when the destination
port of the event is one of
the configured destination
port(s).
Local Port
Valid when the local port of
the event is one of the
configured local port(s).
Default Test Name
when the false positive
signature matches one of
the following signatures
when the event(s)
username is this string
IP/Port Tests
The IP/Port tests include:
Default Test Name
when the source port is one
of the following ports
when the destination port is
one of the following ports
when the local port is one
of the following ports
STRM Administration Guide
Creating a Rule
Parameters
signatures - Specify the false positive
signature you wish this test to
consider. Enter the signature in the
following format:
<CAT|QID|ANY>:<value>:<source
IP>:<dest IP>
Where:
<CAT|QID|ANY> - Specify whether
you wish this false positive signature
to consider a category (CAT), Juniper
Networks Identifier (QID), or any
value.
<value> - Specify the value for the
<CAT|QID|ANY> parameter. For
example, if you specified QID, you
must specify the QID value.
<source IP> - Specify the source IP
address you wish this false positive
signature to consider.
<dest IP> - Specify the destination IP
address you wish this false positive
signature to consider.
Configure the following parameters:
is - Specify the value you wish to
•
associate with this test. Options
include: is, contains, starts with, or
ends with.
this string - Specify a username
•
you wish this test to consider.
Parameters
ports - Specify the ports you wish
this test to consider.
ports - Specify the ports you wish
this test to consider.
ports - Specify the ports you wish
this test to consider.
197
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series