Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 347


Table D-9 Default Rules (continued)
| Rule | Rule Type | Enabled | Description |
| --- | --- | --- | --- |
| Default-Rule-Botnet: Potential Botnet Connection (IRC) | Event | False | Reports a host connecting or attempting to connect to an IRC server on the Internet. This may indicate a host connecting to a Botnet. The host should be investigated for malicious code. |
| Default-Rule-Compliance: Excessive Failed Logins to Compliance IS | Event | True | Reports excessive authentication failures to a compliance server within 10 minutes. |
| Default-Rule-DoS: Decrease Magnitude of Low Rate Attacks | Event | True | If a low rate flow-based DoS attack is detected, this rule decreases the magnitude of the current event. |
| Default-Rule-DoS: DoS Attack Detected | Event | True | Rule creates offenses for DoS-based attacks that have more than 3 events in a row. |
| Default-Rule-DoS: DoS Events with High Magnitude Become Offenses | Event | True | Rule forces the creation of an offense for DoS-based events with a high magnitude. |
| Default-Rule-DoS: Increase Magnitude of High Rate Attacks | Event | True | If a high rate flow-based DoS attack is detected, this rule increases the magnitude of the current event. |
| Default-Rule-Exploit: All Exploits Become Offenses | Event | False | Reports exploit attacks on events. By default, this rule is disabled. Enable this rule if you wish all events categorized as exploits to create an offense. |
| Default-Rule-Exploit: Exploit/Malware Events Across Multiple Targets | Event | True | Reports a source IP address generating multiple (at least 30) exploits or malicious software (malware) events from at least 20 hosts in the last 3 minutes. These events are not targeting hosts that are vulnerable and may indicate false positives generating from a device. |
| Default-Rule-Exploit: Exploits Events with High Magnitude Become Offenses | Event | True | Rule forces the creation of offenses for exploit-based events with a high magnitude. |
| Default-Rule-Exploit: Multiple Exploit Types Against Single target | Event | True | Reports a target attempting to be exploited using multiple types of attacks from one or more attackers. |
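Several of the rules above are sliding-window threshold rules: count events of a given category per source or target and fire when the count, and the number of distinct hosts or attack types, crosses a threshold inside a time window. The following added example (not STRM code, and not how its rule engine is implemented) shows that logic for three of the table's rules, run over constructed sample events. The "Exploit/Malware Events Across Multiple Targets" thresholds (30 events, 20 hosts, 3 minutes) come from the table; the table gives no number for "excessive" failed logins or "multiple" exploit types, so the values 10 and 2 used here are assumptions, as is the event schema.

```python
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Event:
    """Normalised event as a correlation engine would see it (constructed schema)."""
    ts: int            # seconds since epoch
    category: str      # "exploit", "malware", "auth_failure", ...
    src_ip: str
    dst_ip: str
    attack_type: str = ""


@dataclass
class WindowRule:
    """Sliding-window threshold rule: group matching events by key_field and fire
    when the window holds at least min_events events and, if distinct_field is set,
    at least min_distinct distinct values of that field."""
    name: str
    window_seconds: int
    categories: frozenset
    key_field: str
    min_events: int
    distinct_field: Optional[str] = None
    min_distinct: int = 1
    buckets: dict = field(default_factory=lambda: defaultdict(deque))

    def feed(self, ev: Event):
        """Return (rule name, key) if this event makes the rule fire, else None."""
        if ev.category not in self.categories:
            return None
        key = getattr(ev, self.key_field)
        window = self.buckets[key]
        window.append(ev)
        # Expire events older than the window relative to the newest event.
        while ev.ts - window[0].ts > self.window_seconds:
            window.popleft()
        if len(window) < self.min_events:
            return None
        if self.distinct_field:
            seen = {getattr(e, self.distinct_field) for e in window}
            if len(seen) < self.min_distinct:
                return None
        return (self.name, key)


def build_rules():
    """Fresh rule instances (each carries its own window state)."""
    return [
        # Thresholds from the table: >= 30 exploit/malware events from one source
        # against >= 20 distinct hosts within 3 minutes.
        WindowRule("Exploit/Malware Events Across Multiple Targets", 180,
                   frozenset({"exploit", "malware"}), "src_ip", 30, "dst_ip", 20),
        # "Multiple" types against one target: the table gives no count, 2 is an assumption.
        WindowRule("Multiple Exploit Types Against Single target", 180,
                   frozenset({"exploit"}), "dst_ip", 2, "attack_type", 2),
        # "Excessive" failures within 10 minutes: the table gives no count, 10 is an assumption.
        WindowRule("Excessive Failed Logins to Compliance IS", 600,
                   frozenset({"auth_failure"}), "dst_ip", 10),
    ]


def evaluate(rules, events):
    """Feed events in time order; return {rule name: sorted keys that fired}.
    Each (rule, key) pair is reported once, like an offense that is created
    and then updated rather than re-created per event."""
    fired = defaultdict(set)
    for ev in sorted(events, key=lambda e: e.ts):
        for rule in rules:
            hit = rule.feed(ev)
            if hit:
                fired[hit[0]].add(hit[1])
    return {name: sorted(keys) for name, keys in fired.items()}


def sample_events():
    """Constructed sample traffic, not real log data."""
    events = []
    # One source: 35 exploit/malware events against 25 distinct hosts in ~100 s.
    for i in range(35):
        events.append(Event(1000 + 3 * i, "exploit" if i % 2 == 0 else "malware",
                            "10.0.0.5", f"192.0.2.{i % 25 + 1}", "T_sweep"))
    # One host hit with three different attack types from two sources.
    events += [
        Event(2000, "exploit", "10.0.0.8", "192.0.2.100", "T_sqli"),
        Event(2010, "exploit", "10.0.0.9", "192.0.2.100", "T_rce"),
        Event(2020, "exploit", "10.0.0.8", "192.0.2.100", "T_bof"),
    ]
    # 12 failed logins to one compliance server within 5.5 minutes (fires) ...
    events += [Event(3000 + 30 * i, "auth_failure", "10.0.0.7", "10.1.1.9") for i in range(12)]
    # ... and 12 failures spread one every 2 minutes: never 10 inside the 10-minute window.
    events += [Event(5000 + 120 * i, "auth_failure", "10.0.0.7", "10.1.1.11") for i in range(12)]
    return events


if __name__ == "__main__":
    for name, keys in evaluate(build_rules(), sample_events()).items():
        print(f"{name}: {keys}")
```

The slow-failure series against 10.1.1.11 shows why the window matters: the same total count of failures does not fire once the events are spread beyond the rule's 10 minutes, which is the behaviour a tuned threshold rule relies on to keep noise from becoming offenses.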