Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 105

STRM Log Management Users Guide

Table B-6 Default Rules (continued)

| Rule | Group | Rule Type | Enabled | Description |
|---|---|---|---|---|
| Default-Rule-Recon: Remote Proxy Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common proxy server ports to more than 30 hosts in 10 minutes. |
| Default-Rule-Recon: Remote RPC Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common RPC server ports to more than 30 hosts in 10 minutes. |
| Default-Rule-Recon: Remote Scanner Detected | Recon | Event | True | Reports a scan from a remote host against other hosts or remote targets. At least 60 hosts were scanned within 20 minutes. This activity was using a protocol other than TCP, UDP, or ICMP. |
| Default-Rule-Recon: Remote SNMP Scanner | Recon | Event | True | Reports scans from a remote host against local or remote targets. At least 30 hosts were scanned in 10 minutes. |
| Default-Rule-Recon: Remote SSH Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common SSH ports to more than 30 hosts in 10 minutes. |
| Default-Rule-Recon: Remote Suspicious Probe Events Detected | Recon | Event | False | Reports various suspicious or reconnaissance events from the same remote source IP address to more than 5 destination IP addresses in 4 minutes. This may indicate various forms of host probing, such as Nmap reconnaissance that attempts to identify the services and operating system of the targets. |
| Default-Rule-Recon: Remote TCP Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common TCP ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Remote UDP Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common UDP ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Remote Web Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common local web server ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Remote Windows Server Scanner | Recon | Event | True | Reports a remote host attempting reconnaissance or suspicious connections on common Windows server ports to more than 60 hosts in 10 minutes. |