Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 108

STRM Log Management Users Guide

Default Rules and Building Blocks (page 102)

Table B-7 Default Building Blocks (continued)

| Building Block | Group | Type | Description | Associated Building Blocks, if applicable |
|---|---|---|---|---|
| Default-BB-CategoryDefinition: Firewall System Errors | Category Definitions | Event | Edit this BB to include all events that may indicate a firewall system error. By default, this BB applies when an event is detected by one or more of the following devices: CheckPoint, Generic Firewall, Iptables, NetScreen Firewall, Cisco Pix. | |
| Default-BB-CategoryDefinition: High Magnitude Events | Category Definitions | Event | Edit this BB to set the severity, credibility, and relevance levels at which you wish to generate an event. The defaults are: Severity = 6, Credibility = 7, Relevance = 7. | |
| Default-BB-CategoryDefinitions: KeyLoggers | Category Definitions | Event | Edit this BB to include all events that are typically exploits, backdoors, or trojans. | |
| Default-BB-CategoryDefinition: Mail Policy Violation | Category Definitions | Event | Edit this BB to define mail policy violations. | |
| Default-BB-CategoryDefinition: Malware Annoyances | Category Definitions | Event | Edit this BB to include event categories that are typically associated with spyware infections. | |
| Default-BB-CategoryDefinition: Network DoS Attack | Category Definitions | Event | Edit this BB to include all event categories that you wish to categorize as a network DoS attack. | |
| Default-BB-CategoryDefinition: Policy Events | Category Definitions | Event | Edit this BB to include all event categories that may indicate a violation of network policy. | |
| Default-BB-CategoryDefinition: Post Exploit Account Activity | Category Definitions | Event | Edit this BB to include all event categories that may indicate exploits to accounts. | |
| Default-BB-CategoryDefinition: Rate Analysis Marked Events | Category Definitions | Event | STRM monitors event rates of all source IP addresses/QIDs and destination IP addresses/QIDs and marks events that exhibit abnormal rate behavior. Edit this BB to include events that are marked with rate analysis. | |
