Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 215

Strm administration guide

Creating a Rule

Table 9-15 Offense Property Tests (continued)

| Test | Description | Default Test Name | Parameters |
|---|---|---|---|
| Attack Context | Attack Context is the relationship between the attacker and target. For example, a local attacker to a remote target. Valid if the attack context is one of the following: Local to Local; Local to Remote; Remote to Local; Remote to Remote. | when the attack context is this context | this context - Specify the context you wish this test to consider. The options are: Local to Local; Local to Remote; Remote to Local; Remote to Remote. |
| Attacker Location | Valid when the attacker is either local or remote. The default is remote. | when the attacker is local or remote IPs {default: remote} | local or remote - Specify if you wish the attacker to be local or remote. |
| Target Location | Valid when the target is either local or remote. The default is remote. | when the target list includes local or remote IP addresses {default: remote} | local or remote IP addresses - Specify if you wish the target to be local or remote. |
| Network Flow Analysis | Valid when STRM detects one of the configured behaviors in the Attacker Target analysis. | when real-time network flow analysis has detected any of the following attacker target analysis behaviors listed. | Configure the following parameters: any - Specify if you wish this test to consider any or all behaviors. listed - Specify the behaviors you wish this test to consider. |
| Network Flow Analysis | Valid when STRM detects one of the configured behaviors in the Target analysis. | when real-time network flow analysis has detected any of the following target analysis behaviors listed. | Configure the following parameters: any - Specify if you wish this test to consider any or all behaviors. listed - Specify the behaviors you wish this test to consider. |
| Category Count in an Offense | Valid when the number of event categories for an offense is greater than, less than, or equal to the configured value. | when the number of categories involved in the offense is greater than this number | Configure the following parameters: greater than - Specify if you wish the number of categories to be greater than, less than, or equal to the configured value. this number - Specify the value you wish this test to consider. For more information on event categories, see the Event Category Correlation Reference Guide. |
