Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 286
Strm administration guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2:
- Manual (228 pages) ,
- Getting started (14 pages) ,
- Release note (11 pages)
Table of Contents
Advertisement
278
E
T
NTERPRISE
EMPLATE
Table B-10 Default Building Blocks (continued)
Building Block
Default-BB-Recon
Detected: All Recon Rules
Default-BB-Recon
Detected: Devices That
Merge Recon into Single
Events
Default-BB-Recon
Detected: Host Port Scan
Default-BB-Recon
Detected: Port Scan
Detected Across Multiple
Hosts
User-BB-FalsePositive:
User Defined False
Positives Tunings
User-BB-FalsePositive:
User Defined Server Type
1 False Positive
Categories
User-BB-FalsePositive:
User Defined Server Type
1 False Positive Events
D
EFAULTS
Block
Group
Type
Recon
Event Define all Juniper Networks default
Recon
Event Edit this BB to include all devices
Recon
Event Edit this BB to define
Recon
Event Edit this BB to indicate port
User Tuning Event This BB contains any events that
User Tuning Event Edit this BB to include any
User Tuning Event Edit this BB to include any events
STRM Administration Guide
Description
reconnaissance tests. This BB is
used to detect a host that has
performed reconnaissance such
that other follow on tests can be
performed. For example,
reconnaissance followed by
firewall accept.
that accumulate reconnaissance
across multiple hosts or ports into
a single event. This rule forces
these events to become offenses.
reconnaissance scans on hosts in
your deployment.
scanning activity across multiple
hosts. By default, this BB applies
when an attacker is performing
reconnaissance against more than
5 hosts within 10 minutes. If
internal, this may indicate an
exploited machine or a worm
scanning for targets.
you have tuned using the False
Positive tuning function. For more
information, see the STRM Users
Guide.
categories you wish to consider
false positives for hosts defined in
the User-BB-HostDefinition: User
Defined Server Type 1 building
block.
you wish to consider false
positives for hosts defined in the
User-BB-HostDefinition: User
Defined Server Type 1 building
block.
Associated Building
Blocks, if applicable
User-BB-HostDefinition:
User Defined Server Type
1
User-BB-HostDefinition:
User Defined Server Type
1
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series