Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 104

STRM Log Management Users Guide

DEFAULT RULES AND BUILDING BLOCKS

Table B-6 Default Rules (continued)

| Rule | Rule Group | Type | Enabled | Description |
|---|---|---|---|---|
| Default-Rule-Recon: Recon Followed by Accept | Recon | Event | False | Adds an additional event into the event stream when a host that has been performing reconnaissance also has a firewall accept following the reconnaissance activity. |
| Default-Rule-Recon: Remote Database Scanner | Recon | Event | True | Reports a scan from a remote host against other local or remote targets. At least 30 hosts were scanned in 10 minutes. |
| Default-Rule-Recon: Remote DHCP Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common DHCP ports to more than 30 hosts in 10 minutes. |
| Default-Rule-Recon: Remote DNS Scanner | Recon | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common DNS ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Remote FTP Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common FTP ports to more than 30 hosts in 10 minutes. |
| Default-Rule-Recon: Remote Game Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common game server ports to more than 30 hosts in 10 minutes. |
| Default-Rule-Recon: Remote ICMP Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common ICMP ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local IM Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common IM server ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local IRC Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common IRC server ports to more than 10 hosts in 10 minutes. |
| Default-Rule-Recon: Remote LDAP Server Scanner | Recon | Event | True | Reports a scan from a remote host against other local or remote targets. At least 30 hosts were scanned in 10 minutes. |
| Default-Rule-Recon: Remote Mail Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common mail server ports to more than 30 hosts in 10 minutes. |
| Default-Rule-Recon: Remote P2P Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common Peer-to-Peer (P2P) server ports to more than 60 hosts in 10 minutes. |
