Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 314

Strm administration guide
University Template Defaults
Table B-9 Default Rules (continued)

| Rule | Group | Rule Type | Enabled | Description |
|---|---|---|---|---|
| Default-Rule-Recon: Local Proxy Server Scanner | Recon | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common proxy server ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local RPC Server Scanner | Recon | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common RPC server ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local Scanner Detected | Recon | Event | True | Reports a scan from a local host against other hosts or remote targets. At least 60 hosts were scanned within 10 minutes. This activity was using a protocol other than TCP, UDP, or ICMP. |
| Default-Rule-Recon: Local SNMP Scanner | Recon | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common SNMP ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local SSH Server Scanner | Recon | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common SSH ports to more than 30 hosts in 10 minutes. |
| Default-Rule-Recon: Local Suspicious Probe Events Detected | Recon | Event | False | Reports when various suspicious or reconnaissance events have been detected from the same local source IP address to more than 5 destination IP addresses in 4 minutes. This can indicate various forms of host probing, such as Nmap reconnaissance, which attempts to identify the services and operating systems of the target. |
| Default-Rule-Recon: Local TCP Scanner | Recon | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common TCP ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local UDP Scanner | Recon | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common UDP ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local Web Server Scanner | Recon | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common local web server ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local Windows Scanner to Internet | Recon | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections from the same source IP address more than 5 times, across more than 60 destination IP address(es) within 20 minutes. |
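The scanner rules above share one detection shape: per source IP, count distinct destination hosts contacted on a set of ports within a sliding time window, and fire when the count exceeds the rule's threshold. The following is an added illustration in Python, not STRM's own rule engine; the port sets are assumptions, since this page does not list the "common ... ports" building blocks the rules reference, and the flow records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds and windows are taken from Table B-9; the port sets are assumed
# stand-ins for the STRM "common ... ports" building blocks, which this page omits.
RULES = {
    "Local SSH Server Scanner":   {"ports": {22},               "hosts": 30, "window_min": 10},
    "Local Web Server Scanner":   {"ports": {80, 443, 8080},    "hosts": 60, "window_min": 10},
    "Local Proxy Server Scanner": {"ports": {1080, 3128, 8080}, "hosts": 60, "window_min": 10},
}

def evaluate(rule_name, events):
    """Return the set of source IPs that contacted more than `hosts` distinct
    destinations on the rule's ports within any window of `window_min` minutes.
    `events` is an iterable of (timestamp, src_ip, dst_ip, dst_port)."""
    rule = RULES[rule_name]
    window = timedelta(minutes=rule["window_min"])
    per_src = defaultdict(list)
    for ts, src, dst, port in sorted(events):          # chronological order
        if port in rule["ports"]:
            per_src[src].append((ts, dst))
    offenders = set()
    for src, hits in per_src.items():
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window start forward
                start += 1
            distinct = {dst for _, dst in hits[start:end + 1]}
            if len(distinct) > rule["hosts"]:
                offenders.add(src)
                break
    return offenders

def sample_events():
    """Constructed flow records for the demo (not real traffic)."""
    t0 = datetime(2008, 6, 1, 9, 0)
    ev = []
    for i in range(35):   # fast sweep: 35 hosts on port 22 in under 3 minutes -> fires
        ev.append((t0 + timedelta(seconds=5 * i), "10.0.0.5", f"10.0.1.{i + 1}", 22))
    for i in range(40):   # slow sweep: 40 hosts, one every 2 minutes -> never >30 per 10 min
        ev.append((t0 + timedelta(minutes=2 * i), "10.0.0.9", f"10.0.2.{i + 1}", 22))
    for i in range(20):   # admin activity: 20 hosts in 10 minutes -> under threshold
        ev.append((t0 + timedelta(seconds=30 * i), "10.0.0.7", f"10.0.3.{i + 1}", 22))
    return ev

if __name__ == "__main__":
    print(evaluate("Local SSH Server Scanner", sample_events()))  # {'10.0.0.5'}
```

The slow sweep shows the blind spot of any fixed window: a source spreading its probes below the per-window threshold is never reported, which is why the lower-threshold Suspicious Probe Events rule exists alongside the scanner rules.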
