Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 266

ENTERPRISE TEMPLATE DEFAULTS

Table B-9 Default Rules (continued)

Every rule on this page belongs to the rule group Exploit and is of rule type Event. The Enabled column gives the default state of the rule in the enterprise template.

Rule: Default-Rule-Exploit: Attacker Vulnerable to this Exploit
Group/Type: Exploit / Event
Enabled: False
Description: Reports an attack from a local host where the attacking host is itself vulnerable to the exploit being used. The attacker may have been the target of an earlier offense, that is, an already-compromised host is now spreading the attack.

Rule: Default-Rule-Exploit: Exploit Followed by Suspicious Host Activity
Group/Type: Exploit / Event
Enabled: False
Description: Reports exploit or attack activity from a source IP address followed by suspicious account activity on the destination host within 15 minutes.

Rule: Default-Rule-Exploit: Exploit/Malware Events Across Multiple Targets
Group/Type: Exploit / Event
Enabled: True
Description: Reports a source IP address that generates multiple (at least 5) exploit or malicious software (malware) events within the last 5 minutes. These events do not target hosts that are vulnerable to them and may therefore indicate false positives generated by a device.

Rule: Default-Rule-Exploit: Exploit Events with High Magnitude Become Offenses
Group/Type: Exploit / Event
Enabled: True
Description: Forces the creation of an offense for exploit-based events that have a high magnitude.

Rule: Default-Rule-Exploit: Multiple Exploit Types Against Single Target
Group/Type: Exploit / Event
Enabled: True
Description: Reports a target against which multiple types of attack are attempted by one or more attackers.

Rule: Default-Rule-Exploit: Potential VoIP Toll Fraud
Group/Type: Exploit / Event
Enabled: False
Description: Reports multiple failed logins to your VoIP hardware followed by sessions being opened, with at least 3 events detected within 30 seconds. This pattern may indicate that unauthorized users are establishing VoIP sessions on your network.

Rule: Default-Rule-Exploit: Recon followed by Exploit
Group/Type: Exploit / Event
Enabled: True
Description: Reports reconnaissance followed by an exploit from the same source IP address to the same destination port within 1 hour.

Rule: Default-Rule-Exploit: Target Vulnerable to Detected Exploit
Group/Type: Exploit / Event
Enabled: True
Description: Reports an attack against a local target, where the target is known to exist and the host is vulnerable to the attack on the attacked port.

Rule: Default-Rule-Exploit: Target Vulnerable to Detected Exploit on a Different Port
Group/Type: Exploit / Event
Enabled: True
Description: Reports an attack against a local target, where the target is known to exist and the host is vulnerable to the attack, but on a port other than the one attacked.

Rule: Default-Rule-Exploit: Target Vulnerable to Different Exploit than Attempted on Attacked Port
Group/Type: Exploit / Event
Enabled: False
Description: Reports an attack against a local target, where the target is known to exist and the host is vulnerable to some attack, but not to the one being attempted.
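The rules above combine three correlation shapes: a count of events from one source inside a sliding window, a sequence (reconnaissance, then exploit; failed logins, then a session) inside a window, and a lookup of the attack against the asset vulnerability table for the target and the attacker. The following is an added example that shows those shapes as plain code; it is not STRM's rule engine or any code from the guide. The event fields, the host-to-vulnerability table and the sample events are constructed for illustration, and the vulnerability identifiers ("vuln-a" and so on) are placeholders rather than real advisories. The VoIP rule is interpreted as failed logins and the session from the same source to the same device, which the guide does not state.

```python
"""Toy correlation of several Table B-9 exploit rules (added example, not STRM code)."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int                # seconds since epoch, assumed already normalized
    src: str               # source IP address
    dst: str               # destination IP address
    dport: int             # destination port
    category: str          # Recon, Exploit, Malware, VoIP Login Failure, VoIP Session Open
    exploit_id: str = ""   # weakness the attack targets; empty when not applicable


def target_is_vulnerable(e, vulns):
    """True when the attacked host carries the exploit's weakness on the attacked port."""
    return (e.dport, e.exploit_id) in vulns.get(e.dst, set())


def exploit_malware_burst(events, vulns, threshold=5, window=300):
    """Exploit/Malware Events Across Multiple Targets: a source raising at least
    `threshold` exploit or malware events in `window` seconds, none of which hit a
    host vulnerable to them (per the description, a likely noisy sensor)."""
    recent = defaultdict(deque)   # src -> timestamps of qualifying events still in the window
    sources = set()
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.category not in ("Exploit", "Malware") or target_is_vulnerable(e, vulns):
            continue
        q = recent[e.src]
        q.append(e.ts)
        while e.ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            sources.add(e.src)
    return sources


def recon_followed_by_exploit(events, window=3600):
    """Recon followed by Exploit: same source, destination and port within one hour."""
    last_recon = {}   # (src, dst, dport) -> time of the most recent recon event
    hits = []
    for e in sorted(events, key=lambda ev: ev.ts):
        key = (e.src, e.dst, e.dport)
        if e.category == "Recon":
            last_recon[key] = e.ts
        elif e.category == "Exploit" and key in last_recon and e.ts - last_recon[key] <= window:
            hits.append(e)
    return hits


def vulnerability_rules(e, vulns):
    """Names of the vulnerability-correlated rules that fire for one exploit event."""
    fired = []
    if e.category != "Exploit":
        return fired
    target = vulns.get(e.dst, set())
    if (e.dport, e.exploit_id) in target:
        fired.append("Target Vulnerable to Detected Exploit")
    elif any(vid == e.exploit_id for _, vid in target):
        fired.append("Target Vulnerable to Detected Exploit on a Different Port")
    elif target:   # host is known and vulnerable, but not to this exploit
        fired.append("Target Vulnerable to Different Exploit than Attempted on Attacked Port")
    if any(vid == e.exploit_id for _, vid in vulns.get(e.src, set())):
        fired.append("Attacker Vulnerable to this Exploit")
    return fired


def voip_toll_fraud(events, failures=3, window=30):
    """Potential VoIP Toll Fraud: at least `failures` failed logins from one source to
    one device followed by a session opening, all within `window` seconds (assumed)."""
    fails = defaultdict(deque)   # (src, dst) -> timestamps of failed logins in the window
    hits = []
    for e in sorted(events, key=lambda ev: ev.ts):
        q = fails[(e.src, e.dst)]
        while q and e.ts - q[0] > window:
            q.popleft()
        if e.category == "VoIP Login Failure":
            q.append(e.ts)
        elif e.category == "VoIP Session Open" and len(q) >= failures:
            hits.append(e)
    return hits


# Constructed asset table: host -> {(port, placeholder weakness id)}
VULNS = {
    "10.0.0.20": {(445, "vuln-a"), (80, "vuln-b")},
    "10.0.0.21": {(8080, "vuln-b")},
    "10.0.0.22": {(22, "vuln-c")},
    "10.0.0.7": {(445, "vuln-a")},   # internal host that is itself vulnerable
}

# Constructed sample events (not captured data)
SAMPLE = [
    Event(1000, "10.0.0.7", "10.0.0.20", 445, "Recon"),
    Event(1900, "10.0.0.7", "10.0.0.20", 445, "Exploit", "vuln-a"),   # recon then exploit, 15 min apart
    Event(2000, "10.0.0.7", "10.0.0.21", 80, "Exploit", "vuln-b"),    # target has vuln-b, but on 8080
    Event(2100, "10.0.0.7", "10.0.0.22", 22, "Exploit", "vuln-a"),    # target vulnerable, to something else
    Event(3000, "10.0.0.7", "10.0.0.30", 445, "Exploit", "vuln-a"),   # unknown target, no prior recon
    Event(9000, "203.0.113.9", "10.0.0.50", 5060, "VoIP Login Failure"),
    Event(9005, "203.0.113.9", "10.0.0.50", 5060, "VoIP Login Failure"),
    Event(9010, "203.0.113.9", "10.0.0.50", 5060, "VoIP Login Failure"),
    Event(9020, "203.0.113.9", "10.0.0.50", 5060, "VoIP Session Open"),
] + [Event(5000 + i * 10, "203.0.113.9", f"10.0.0.{40 + i}", 80, "Malware", "vuln-x") for i in range(5)]

if __name__ == "__main__":
    print("burst sources:", exploit_malware_burst(SAMPLE, VULNS))
    print("recon->exploit:", [h.ts for h in recon_followed_by_exploit(SAMPLE)])
    for e in SAMPLE[1:5]:
        print(e.dst, e.dport, vulnerability_rules(e, VULNS))
    print("VoIP toll fraud:", [h.ts for h in voip_toll_fraud(SAMPLE)])
```

The asset table is what separates the "Target Vulnerable" rules from plain signature matching: the same exploit event lands in a different rule depending on whether the target carries that weakness on the attacked port, on another port, or not at all, and the burst rule deliberately discounts events whose targets are vulnerable, which is why it is a false-positive indicator rather than an attack indicator.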