Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 263

Table B-9 Default Rules (continued)

Columns: Rule; Rule Group; Type; Enabled; Description.

Default-Rule-Anomaly: Rate Analysis Marked Events
    Rule Group: Anomaly    Type: Event    Enabled: False
    Description: Reports a host emitting events at a rate greater than normal. This may be normal, but in some cases it can be an early warning sign that the host has changed behavior. We recommend that you perform an event search and/or flow search to determine whether the host is exhibiting other suspicious activity.

Default-Rule-Anomaly: Remote Access from Foreign Country
    Rule Group: Anomaly    Type: Event    Enabled: False
    Description: Reports successful logins or access from an IP address known to be in a country that does not have remote access rights. Before you enable this rule, we recommend that you configure the Default-BB-CategoryDefinition: Countries with no Remote Access building block.

Default-Rule-Authentication: Login Failure to Disabled Account
    Rule Group: Authentication    Type: Event    Enabled: True
    Description: Reports a host login failure message from a disabled user account. If the user is no longer a member of the organization, we recommend that you investigate any other received authentication messages from the same user.

Default-Rule-Authentication: Login Failure to Expired Account
    Rule Group: Authentication    Type: Event    Enabled: True
    Description: Reports a host login failure message from a known expired user account. If the user is no longer a member of the organization, we recommend that you investigate any other received authentication messages from the same user.

Default-Rule-Authentication: Login Failures Across Multiple Hosts
    Rule Group: Authentication    Type: Event    Enabled: True
    Description: Reports authentication failures from the same source IP address more than three times, across more than three destination IP addresses, within 10 minutes.

Default-Rule-Authentication: Login Failures Followed By Success
    Rule Group: Authentication    Type: Event    Enabled: True
    Description: Reports multiple login failures to a single host, followed by a successful login to that host.

Default-Rule-Authentication: Multiple VoIP Login Failures
    Rule Group: Authentication    Type: Event    Enabled: True
    Description: Reports multiple login failures to a VoIP PBX.

Default-Rule-Authentication: Repeated Login Failures, Single Host
    Rule Group: Authentication    Type: Event    Enabled: True
    Description: Reports when a source IP address causes an authentication failure event at least seven times to a single destination within 5 minutes.

STRM Administration Guide    Default Rules    255
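The three authentication rules above that state concrete thresholds (Login Failures Across Multiple Hosts, Repeated Login Failures to a Single Host, and Login Failures Followed By Success) are sliding-window correlations over authentication events. The following is an added illustration of that correlation logic run over constructed log lines; it is not STRM code and does not reproduce STRM's rule engine. The log format, the event/alert structures, and the threshold of three failures for "multiple" in the Followed By Success rule (the table gives no number) are assumptions made for the example; the 3-failures/3-hosts/10-minute and 7-failures/5-minute thresholds are the ones in the table.

```python
"""Sliding-window correlation for three Table B-9 authentication rules.
Added example, not STRM code; runs over constructed log lines."""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

RULES = {
    "multi_host": "Default-Rule-Authentication: Login Failures Across Multiple Hosts",
    "single_host": "Default-Rule-Authentication: Repeated Login Failures, Single Host",
    "fail_then_success": "Default-Rule-Authentication: Login Failures Followed By Success",
}
# Thresholds from the table. FAIL_THEN_SUCCESS_MIN is an assumption: the
# table only says "multiple" failures for that rule.
MULTI_HOST_WINDOW = timedelta(minutes=10)
SINGLE_HOST_WINDOW = timedelta(minutes=5)
SINGLE_HOST_MIN = 7
FAIL_THEN_SUCCESS_MIN = 3


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    src: str
    dst: str
    success: bool


def parse_line(line: str) -> AuthEvent:
    """Parse the constructed '<iso-ts> src=.. dst=.. result=FAIL|SUCCESS' format."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return AuthEvent(datetime.fromisoformat(ts), kv["src"], kv["dst"], kv["result"] == "SUCCESS")


def _prune(window: deque, now: datetime, span: timedelta) -> None:
    """Drop events older than `span` relative to the event being processed."""
    while window and now - window[0].ts > span:
        window.popleft()


def correlate(events):
    """Replay events in time order and return (rule_key, src, dst, ts) alerts.
    Each rule fires at most once per source (multi_host) or per (src, dst) pair,
    so a long brute-force run yields one alert, not one per event."""
    alerts, fired = [], set()
    by_src = defaultdict(deque)    # failures per source, 10 minute window
    by_pair = defaultdict(deque)   # failures per (src, dst), 5 minute window
    streak = defaultdict(int)      # consecutive failures per (src, dst), reset on success
    for ev in sorted(events, key=lambda e: e.ts):
        pair = (ev.src, ev.dst)
        if ev.success:
            # Followed By Success: a success after a streak of failures to the same host.
            if streak[pair] >= FAIL_THEN_SUCCESS_MIN and ("fail_then_success", pair) not in fired:
                alerts.append(("fail_then_success", ev.src, ev.dst, ev.ts))
                fired.add(("fail_then_success", pair))
            streak[pair] = 0
            continue
        streak[pair] += 1

        # Across Multiple Hosts: > 3 failures from one source to > 3 destinations in 10 min.
        w = by_src[ev.src]
        w.append(ev)
        _prune(w, ev.ts, MULTI_HOST_WINDOW)
        if len(w) > 3 and len({e.dst for e in w}) > 3 and ("multi_host", ev.src) not in fired:
            alerts.append(("multi_host", ev.src, None, ev.ts))
            fired.add(("multi_host", ev.src))

        # Single Host: >= 7 failures from one source to one destination in 5 min.
        p = by_pair[pair]
        p.append(ev)
        _prune(p, ev.ts, SINGLE_HOST_WINDOW)
        if len(p) >= SINGLE_HOST_MIN and ("single_host", pair) not in fired:
            alerts.append(("single_host", ev.src, ev.dst, ev.ts))
            fired.add(("single_host", pair))
    return alerts


# Constructed sample log (not real data). Three scenarios:
#   10.0.0.5  : 4 failures against 4 hosts in 3 minutes            -> multi_host
#   10.0.0.9  : 7 failures against one host in 3 minutes, success   -> single_host, fail_then_success
#   10.0.0.20 : 7 failures against one host spread over 12 minutes
#               (never 7 inside any 5 minute window), then success  -> fail_then_success only
SAMPLE_LOG = (
    [f"2008-06-01T10:0{m}:00 src=10.0.0.5 dst=10.0.1.{m + 1} result=FAIL" for m in range(4)]
    + [f"2008-06-01T10:0{i // 2}:{'30' if i % 2 else '00'} src=10.0.0.9 dst=10.0.2.7 result=FAIL"
       for i in range(7)]
    + ["2008-06-01T10:03:30 src=10.0.0.9 dst=10.0.2.7 result=SUCCESS"]
    + [f"2008-06-01T10:{2 * i:02d}:00 src=10.0.0.20 dst=10.0.3.3 result=FAIL" for i in range(7)]
    + ["2008-06-01T10:13:00 src=10.0.0.20 dst=10.0.3.3 result=SUCCESS"]
)


def run_demo():
    """Correlate the constructed sample log; returns the alert list."""
    return correlate(parse_line(line) for line in SAMPLE_LOG)


if __name__ == "__main__":
    for key, src, dst, ts in run_demo():
        print(f"{ts:%H:%M:%S} {RULES[key]}: src={src} dst={dst}")
```

The third scenario is the edge case worth keeping in mind when tuning these rules: seven failures to one host do not trigger the single-host rule unless they fall inside one 5-minute window, but the Followed By Success rule has no window in the table, so a slow, patient guess that eventually succeeds is still reported by that rule.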