Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 355

STRM Administration Guide

Table D-10 Default Building Blocks (continued)

| Building Block | Block Type | Description | Associated Building Blocks, if applicable |
|---|---|---|---|
| Default-BB-CategoryDefinition: Countries with no Remote Access | Event | Edit this BB to include any geographic location that typically would not be allowed remote access to the enterprise. Once configured, you can enable the Default-Rule-Anomaly: Remote Access from Foreign Country rule. | |
| Default-BB-CategoryDefinition: Exploits, Backdoors, and Trojans | Event | Edit this BB to include all events that are typically exploits, backdoors, or trojans. | |
| Default-BB-CategoryDefinition: Firewall or ACL Accept | Event | Edit this BB to include all events that indicate access to the firewall. | |
| Default-BB-CategoryDefinition: Firewall or ACL Denies | Event | Edit this BB to include all events that indicate unsuccessful attempts to access the firewall. | |
| Default-BB-CategoryDefinition: Firewall System Errors | Event | Edit this BB to include all events that may indicate a firewall system error. By default, this BB applies when an event is detected by one or more of the following devices: CheckPoint, Generic Firewall, Iptables, NetScreen Firewall, Cisco Pix. | |
| Default-BB-CategoryDefinition: Flow Events | Event | Edit this BB to include all events that indicate flow events within your network. By default, this BB applies to events detected by the Classification Engine. | |
| Default-BB-CategoryDefinition: High Magnitude Events | Event | Edit this BB to set the severity, credibility, and relevance levels at which you wish to generate an event. The defaults are: Severity = 6, Credibility = 7, Relevance = 7. | |
| Default-BB-CategoryDefinition: Mail Policy Violation | Event | Edit this BB to define mail policy violations. | |
| Default-BB-CategoryDefinition: Malware Annoyances | Event | Edit this BB to include event categories that are typically associated with spyware infections. | |
| Default-BB-CategoryDefinition: Policy Events | Event | Edit this BB to include all event categories that may indicate a violation of network policy. | |
