Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 206
Strm administration guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2:
- Manual (228 pages) ,
- Getting started (14 pages) ,
- Release note (11 pages)
Table of Contents
Advertisement
198
C
R
ONFIGURING
ULES
Table 9-7 IP / Port Test Group (continued)
Test
Description
Remote Port
Valid when the remote port
of the event is one of the
configured remote port(s).
Source IP
Valid when the source IP
Address
address of the event is one
of the configured IP
address(es).
Destination IP
Valid when the destination
Address
IP address of the event is
one of the configured IP
address(es).
Local IP
Valid when the local IP
Address
address of the event is one
of the configured IP
address(es).
Remote IP
Valid when the remote IP
Address
address of the event is one
of the configured IP
address(es).
IP Address
Valid when the source or
destination IP address of
the event is one of the
configured IP address(es).
Table 9-8 Host Profile Tests
Test
Description
Host Profile
Valid when the port is open on
Port
the configured local source or
destination. You can also specify
if the status of the port is
detected using one of the
following methods:
Active - STRM actively
•
searches for the configured
port through scanning or
vulnerability assessment.
Passive - STRM passively
•
monitors the network
recording hosts previously
detected.
Default Test Name
when the remote port is one
of the following ports
when the source IP is one
of the following IP
addresses
when the destination IP is
one of the following IP
addresses
when the local IP is one of
the following IP addresses
when the remote IP is one
of the following IP
addresses
when either the source or
destination IP is one of the
following IP addresses
Host Profile Tests
The host profile tests include:
STRM Administration Guide
Default Test Name
when the local source
host destination port is
open either actively
or passively seen
Parameters
ports - Specify the ports you wish
this test to consider.
IP addresses - Specify the IP
address(es) you wish this test to
consider.
IP addresses - Specify the IP
address(es) you wish this test to
consider.
IP addresses - Specify the IP
address(es) you wish this test to
consider.
IP addresses - Specify the IP
address(es) you wish this test to
consider.
IP addresses - Specify the IP
address(es) you wish this test to
consider.
Parameters
Configure the following parameters:
source - Specify if you wish this
•
test to apply to the source or
destination port. The default is
source.
either actively or passively -
•
Specify if you wish this test to
consider active and/or passive
scanning.
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series