Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 277

Strm administration guide

Table B-10 Default Building Blocks (continued)

| Building Block | Group | Block Type | Description | Associated Building Blocks, if applicable |
| --- | --- | --- | --- | --- |
| Default-BB-Category Definition: Windows Compliance Events | Category Definitions, Compliance | Event | Edit this BB to include all event categories that indicate compliance events. | |
| Default-BB-Category Definition: Worm Events | Category Definitions | Event | Edit this BB to define worm events. This BB only applies to events not detected by a custom rule. | |
| Default-BB-Compliance Definition: GLBA Servers | Compliance, Host Definitions | Event | Edit this BB to include your GLBA IP systems. You must then apply this BB to rules related to failed logins, remote access, etc. | |
| Default-BB-Compliance Definition: HIPAA Servers | Compliance, Host Definitions | Event | Edit this BB to include your HIPAA Servers by IP address. You must then apply this BB to rules related to failed logins, remote access, etc. | |
| Default-BB-Compliance Definition: SOX Servers | Compliance, Host Definitions | Event | Edit this BB to include your SOX IP Servers. You must then apply this BB to rules related to failed logins, remote access, etc. | |
| Default-BB-Compliance Definition: PCI DSS Servers | Compliance, Host Definitions, Response | Event | Edit this BB to include your PCI DSS servers by IP address. You must apply this BB to rules related to failed logins, remote access, etc. | |
| Default-BB-Database: System Action Allow | Category Definitions, Compliance | Event | Edit this BB to include any events that indicate successful actions within a database. | |
| Default-BB-Database: System Action Deny | Category Definitions, Compliance | Event | Edit this BB to include any events that indicate unsuccessful actions within a database. | |
| Default-BB-Database: User Addition or Change | Category Definitions, Compliance | Event | Edit this BB to include events that indicate the successful addition or change of user privileges. | |
| Default-BB-Device Definition: Devices to Monitor for High Event Rates | Category Definitions | Event | Edit this BB to include devices you wish to monitor for high event rates. The event rate threshold is controlled by the Default-Rule-Anomaly: Devices with High Event Rates. | |
| Default-BB-FalsePositive: All Default False Positive BBs | False Positive | Event | Edit this BB to include all false positive building blocks. | All Default-BB-False Positive building blocks |
| Default-BB-FalsePositive: Broadcast Address False Positive Categories | False Positive | Event | Edit this BB to define all the false positive categories that occur to or from the broadcast address space. | |