Default Custom
Views
IP Tracking Group
Table C-1 Default Sentries (continued)
Sentry
Excessive Unidirectional
UDP or Misc Flows
This section provides the default custom views for the Enterprise template
including:
IP Tracking Group
•
Threats Group
•
•
Attacker Target Analysis Group
Target Analysis Group
•
Policy Violations Group
•
•
ASN Source Group
ASN Destination Group
•
IFIndexIn Group
•
•
IFIndexOut Group
QoS Group
•
Flow Shape Group
•
Pre-configured groups that specify traffic flows from your local and remote IP
addresses including:
Table B-2 Custom Views - IP Tracking View
IP Tracking
Group
Group Objects
Locals
Specifies traffic flows originating from specific local IP addresses
or CIDR ranges. Configure to specify traffic flows for your local IP
addresses.
Remotes
Specifies traffic flows originating from specific remote IP
addresses or CIDR ranges. Configure to specify traffic flows for
your remote IP addresses.
STRM Administration Guide
Description
Detects an excessive number of UDP, non-TCP, or
ICMP from a single source. By default, the minimum
number of times, in flows, this activity must occur
before an event generates is 80.
Default Custom Views
289