Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 320

Strm administration guide

University Template Defaults

Table B-10 Default Building Blocks (continued)

| Building Block | Group | Block Type | Description | Associated Building Blocks, if applicable |
|---|---|---|---|---|
| Default-BB-CategoryDefinition: Rate Analysis Marked Events | Category Definitions | Event | STRM monitors event rates of all source IP addresses/QIDs and destination IP addresses/QIDs and marks events that exhibit abnormal rate behavior. Edit this BB to include events that are marked with rate analysis. | |
| Default-BB-CategoryDefinition: Recon Events | Category Definitions | Event | Edit this BB to include all events that indicate reconnaissance activity. | |
| Default-BB-CategoryDefinition: Service DoS | Category Definitions | Event | Edit this BB to define Denial of Service (DoS) attack events. | |
| Default-BB-CategoryDefinition: Suspicious Events | Category Definitions | Event | Edit this BB to include all events that indicate suspicious activity. | |
| Default-BB-CategoryDefinition: System Errors and Failures | Category Definitions | Event | Edit this BB to include all events that may indicate a system error or failure. By default, this BB applies when the event category for the event is one of the following System categories: Service Failure, System Error, System Failure. | |
| Default-BB-CategoryDefinition: Upload to Local WebServer | Category Definitions | Event | Typically, most networks are configured to restrict applications that use the PUT method running on their web application servers. This BB detects if a remote host has used this method on a local server. The BB could be duplicated to also detect other unwanted methods or for local hosts using the method connecting to remote servers. This building block is referenced by the Default-Rule-Policy: Upload to Local WebServer rule. | |
| Default-BB-CategoryDefinition: VoIP Authentication Failure Events | Category Definitions | Event | Edit this BB to include all events that indicate a VoIP login failure. | |
| Default-BB-CategoryDefinition: VoIP Session Opened | Category Definitions | Event | Edit this BB to include all events that indicate the start of a VoIP session. | |
