Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 109

STRM Log Management Users Guide

Table B-7 Default Building Blocks (continued)

| Building Block | Group | Block Type | Description | Associated Building Blocks, if applicable |
|---|---|---|---|---|
| Default-BB-CategoryDefinition: Recon Events | Category Definitions | Event | Edit this BB to include all events that indicate reconnaissance activity. | |
| Default-BB-CategoryDefinition: Service DoS | Category Definitions | Event | Edit this BB to define Denial of Service (DoS) attack events. | |
| Default-BB-CategoryDefinition: Suspicious Events | Category Definitions | Event | Edit this BB to include all events that indicate suspicious activity. | |
| Default-BB-CategoryDefinition: System Errors and Failures | Category Definitions | Event | Edit this BB to include all events that may indicate a system error or failure. By default, this BB applies when the event category for the event is one of the following System categories: Service Failure, System Error, System Failure. | |
| Default-BB-CategoryDefinition: Upload to Local WebServer | Category Definitions | Event | Typically, most networks are configured to restrict applications that use the PUT method running on their web application servers. This BB detects if a remote host has used this method on a local server. The BB could be duplicated to also detect other unwanted methods or for local hosts using the method connecting to remote servers. This building block is referenced by the Default-Rule-Policy: Upload to Local WebServer rule. | |
| Default-BB-CategoryDefinition: VoIP Authentication Failure Events | Category Definitions | Event | Edit this BB to include all events that indicate a VoIP login failure. | |
| Default-BB-CategoryDefinition: VoIP Session Opened | Category Definitions | Event | Edit this BB to include all events that indicate the start of a VoIP session. | |
| Default-BB-CategoryDefinition: Windows Compliance Events | Category Definitions | Event | Edit this BB to include all event categories that indicate compliance events. | |
| Default-BB-CategoryDefinition: Worm Events | Category Definitions | Event | Edit this BB to define worm events. This BB only applies to events not detected by a custom rule. | |
