Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 268

ENTERPRISE TEMPLATE DEFAULTS
Table B-9 Default Rules (continued)

Default-Rule-Policy: New Host Discovered in DMZ
    Group: Authentication, Compliance
    Type: Event
    Enabled: False
    Description: Reports when a new host has been discovered in the DMZ.

Default-Rule-Policy: New Service Discovered
    Group: Policy
    Type: Event
    Enabled: False
    Description: Reports when an existing host has a newly discovered service.

Default-Rule-Policy: New Service Discovered in DMZ
    Group: Authentication, Compliance
    Type: Event
    Enabled: False
    Description: Reports when a new service has been discovered in the DMZ.

Default-Rule-Policy: Upload to Local WebServer
    Group: Policy
    Type: Event
    Enabled: False
    Description: Reports potential file uploads to a local web server. To edit the details of this rule, edit the Default-BB-CategoryDefinition: Upload to Local WebServer building block.

Default-Rule-Recon: Aggressive Local Scanner Detected
    Group: Recon
    Type: Event
    Enabled: True
    Description: Reports an aggressive scan from a local source IP address against other local or remote IP addresses: more than 400 targets received reconnaissance or suspicious events in less than 2 minutes. This may indicate a manually driven scan, an exploited host searching for other targets, or a worm present on the system.

Default-Rule-Recon: Aggressive Remote Scanner Detected
    Group: Recon
    Type: Event
    Enabled: True
    Description: Reports an aggressive scan from a remote source IP address against other local or remote IP addresses: more than 50 targets received reconnaissance or suspicious events in less than 3 minutes. This may indicate a manually driven scan, an exploited host searching for other targets, or a worm present on a system.

Default-Rule-Recon: Excessive Firewall Denies From Remote Hosts
    Group: Recon
    Type: Event
    Enabled: True
    Description: Reports excessive denied access attempts against the firewall from remote hosts: more than 40 attempts are detected across at least 40 destination IP addresses in 5 minutes.

Default-Rule-Recon: Host Port Scan Detected by Local Host
    Group: Recon
    Type: Event
    Enabled: True
    Description: Reports a single source IP address scanning more than 50 ports in under 3 minutes.

Default-Rule-Recon: Host Port Scan Detected by Remote Host
    Group: Recon
    Type: Event
    Enabled: True
    Description: Reports more than 400 ports scanned from a single source IP address in under 2 minutes.

Default-Rule-Recon: Increase Magnitude of High Rate Scans
    Group: Recon
    Type: Event
    Enabled: True
    Description: If a high rate flow-based scanning attack is detected, this rule increases the magnitude of the current event.

Default-Rule-Recon: Increase Magnitude of Medium Rate Scans
    Group: Recon
    Type: Event
    Enabled: True
    Description: If a medium rate flow-based scanning attack is detected, this rule increases the magnitude of the current event.

STRM Administration Guide
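The Recon rules in Table B-9 are threshold rules over a sliding time window: a source fires the rule when, within a span shorter than the stated number of minutes, it touches more than the stated number of distinct targets or ports (or, for the firewall rule, produces more than 40 denies across at least 40 destinations). The following Python script is an added example for this page, not STRM code, re-implementing the Aggressive Scanner, Host Port Scan and Excessive Firewall Denies thresholds over constructed events. The Event format, the "recon"/"suspicious"/"firewall_deny" labels, the choice of 10.0.0.0/8 as the local network, and the reading of "by Local Host" as "the source IP is local" are assumptions of the example. The sample events include a slow scanner that touches as many hosts as the fast one but never enough inside any one window, which is exactly the case the time bound in each rule exists to separate.

```python
"""Sliding-window threshold detection in the style of the Default-Rule-Recon
rules in Table B-9.  Added example, not STRM code: the Event format, the
category labels, the 10.0.0.0/8 local network and the sample events are
all constructed for illustration."""
from collections import Counter, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from operator import attrgetter

# Stand-in for STRM's network hierarchy (assumption): 10.0.0.0/8 is "local".
LOCAL_NETS = [ip_network("10.0.0.0/8")]


def is_local(ip: str) -> bool:
    return any(ip_address(ip) in net for net in LOCAL_NETS)


@dataclass(frozen=True)
class Event:
    ts: int        # seconds since the epoch
    src: str       # source IP address
    dst: str       # destination IP address
    dport: int     # destination port
    category: str  # assumed labels: "recon", "suspicious" or "firewall_deny"


def distinct_in_window(events, key, window_s, distinct_gt, events_gt=0):
    """Return the sources that, within some span shorter than window_s seconds,
    produce more than distinct_gt distinct key(e) values and more than
    events_gt events.  One two-pointer sweep per source, oldest event first."""
    by_src = {}
    for e in sorted(events, key=attrgetter("ts")):
        by_src.setdefault(e.src, []).append(e)
    hits = set()
    for src, evs in by_src.items():
        counts, window = Counter(), deque()
        for e in evs:
            window.append(e)
            counts[key(e)] += 1
            # Expire events that would stretch the span to window_s or more.
            while e.ts - window[0].ts >= window_s:
                old = window.popleft()
                counts[key(old)] -= 1
                if counts[key(old)] == 0:
                    del counts[key(old)]
            if len(counts) > distinct_gt and len(window) > events_gt:
                hits.add(src)
                break  # one alert per source is enough here
    return hits


def aggressive_scanners(events):
    """Aggressive Local/Remote Scanner Detected: distinct targets of recon or
    suspicious events, > 400 in < 2 min (local src) or > 50 in < 3 min (remote src)."""
    recon = [e for e in events if e.category in ("recon", "suspicious")]
    local = [e for e in recon if is_local(e.src)]
    remote = [e for e in recon if not is_local(e.src)]
    return {
        "Aggressive Local Scanner Detected": distinct_in_window(local, attrgetter("dst"), 120, 400),
        "Aggressive Remote Scanner Detected": distinct_in_window(remote, attrgetter("dst"), 180, 50),
    }


def host_port_scans(events):
    """Host Port Scan Detected by Local/Remote Host with Table B-9's numbers:
    > 50 ports in < 3 min, > 400 ports in < 2 min.  Treating "by Local Host"
    as a local source IP is this example's assumption."""
    recon = [e for e in events if e.category in ("recon", "suspicious")]
    local = [e for e in recon if is_local(e.src)]
    remote = [e for e in recon if not is_local(e.src)]
    return {
        "Host Port Scan Detected by Local Host": distinct_in_window(local, attrgetter("dport"), 180, 50),
        "Host Port Scan Detected by Remote Host": distinct_in_window(remote, attrgetter("dport"), 120, 400),
    }


def excessive_firewall_denies(events):
    """Excessive Firewall Denies From Remote Hosts: more than 40 denies from a
    remote source across at least 40 destination IPs within 5 minutes."""
    denies = [e for e in events if e.category == "firewall_deny" and not is_local(e.src)]
    return distinct_in_window(denies, attrgetter("dst"), 300, distinct_gt=39, events_gt=40)


def constructed_events():
    """Constructed sample events, not real logs."""
    t0 = 1_700_000_000
    evs = []
    # Remote host sweeps 60 local addresses in 60 s: fires Aggressive Remote Scanner.
    evs += [Event(t0 + i, "203.0.113.5", f"10.0.1.{i + 1}", 445, "recon") for i in range(60)]
    # Same breadth, one target every 10 s: at most 18 targets in any 3-minute span, no alert.
    evs += [Event(t0 + 10 * i, "203.0.113.77", f"10.0.2.{i + 1}", 22, "recon") for i in range(60)]
    # Local host walks 60 ports on one server in 60 s: fires Host Port Scan by Local Host.
    evs += [Event(t0 + i, "10.0.0.7", "10.0.0.9", 1000 + i, "recon") for i in range(60)]
    # Remote host denied 45 times to 45 internal addresses in 176 s: fires Excessive Firewall Denies.
    evs += [Event(t0 + 4 * i, "198.51.100.9", f"10.0.3.{i + 1}", 3389, "firewall_deny") for i in range(45)]
    return evs


if __name__ == "__main__":
    sample = constructed_events()
    results = {**aggressive_scanners(sample), **host_port_scans(sample),
               "Excessive Firewall Denies From Remote Hosts": excessive_firewall_denies(sample)}
    for rule, srcs in results.items():
        print(f"{rule}: {sorted(srcs) or 'no match'}")
```

Running the script shows 203.0.113.5 caught by the remote scanner rule while 203.0.113.77, which reaches the same 60 hosts spread over ten minutes, stays below 50 targets in every 3-minute span; the local sweep of 10.0.0.9 trips only the port-scan rule, since one destination never exceeds the target threshold. That separation is the reason each rule pairs a count with a time bound, and it is also why lowering a window (for example to catch slower scans) needs the count re-tuned against the environment's normal traffic.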