Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 265

STRM Administration Guide

Table B-9 Default Rules (continued)

| Rule | Group | Rule Type | Enabled | Description |
|---|---|---|---|---|
| Default-Rule-Database: Multiple Database Failures Followed by Success | Compliance, Database | Event | True | Reports when there are multiple database failures followed by a success within a short period of time. |
| Default-Rule-Database: Remote Login Failure | Compliance, Database | Event | True | Increases the severity of a failed login attempt to a database from a remote network. |
| Default-Rule-Database: Remote Login Success | Compliance, Database | Event | True | Reports when a successful authentication occurs to a database server from a remote network. |
| Default-Rule-Database: User Rights Changed from Remote Host | Compliance, Database | Event | True | Reports when changes to user privileges occur to a database from a remote network. |
| Default-Rule-DDoS Attack Detected | D\DoS | Event | True | Reports network Distributed Denial of Service (DDoS) attacks on a system. |
| Default-Rule-DDoS: DDoS Events with High Magnitude Become Offenses | D\DoS | Event | True | Reports when offenses are created for DoS-based events with high magnitude. |
| Default-Rule-DoS: Decrease Magnitude of Low Rate Attacks | D\DoS | Event | True | If a low rate flow-based DoS attack is detected, this rule decreases the magnitude of the current event. |
| Default-Rule-DoS: DoS Events with High Magnitude Become Offenses | D\DoS | Event | True | Rule forces the creation of an offense for DoS-based events with a high magnitude. |
| Default-Rule-DoS: Increase Magnitude of High Rate Attacks | D\DoS | Event | True | If a high rate flow-based DoS attack is detected, this rule increases the magnitude of the current event. |
| Default-Rule-DoS: Network DoS Attack Detected | D\DoS | Event | True | Reports network Denial of Service (DoS) attacks on a system. |
| Default-Rule-DoS: Service DoS Attack Detected | D\DoS | Event | True | Reports a DoS attack against a local target that is known to exist and the target port is open. |
| Default-Rule-Exploit: All Exploits Become Offenses | Exploit | Event | False | Reports exploit attacks on events. By default, this rule is disabled. Enable this rule if you wish all events categorized as exploits to create an offense. |
| Default-Rule-Exploit: Attacker Vulnerable to any Exploit | Exploit | Event | False | Reports an attack from a local host where the attacker has at least one vulnerability. It is possible the attacker was a target in an earlier offense. |
Default Rules