Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 110

STRM Log Management Users Guide

DEFAULT RULES AND BUILDING BLOCKS

Table B-7 Default Building Blocks (continued)

| Building Block | Group | Block Type | Description | Associated Building Blocks, if applicable |
|---|---|---|---|---|
| Default-BB-ComplianceDefinition: GLBA Servers | Compliance, Host Definitions | Event | Edit this BB to include your GLBA IP systems. You must then apply this BB to rules related to failed logins, remote access, etc. | |
| Default-BB-ComplianceDefinition: HIPAA Servers | Compliance, Host Definitions | Event | Edit this BB to include your HIPAA Servers by IP address. You must then apply this BB to rules related to failed logins, remote access, etc. | |
| Default-BB-ComplianceDefinition: SOX Servers | Compliance, Host Definitions | Event | Edit this BB to include your SOX IP Servers. You must then apply this BB to rules related to failed logins, remote access, etc. | |
| Default-BB-ComplianceDefinition: PCI DSS Servers | Compliance, Host Definitions, Response | Event | Edit this BB to include your PCI DSS servers by IP address. You must apply this BB to rules related to failed logins, remote access, etc. | |
| Default-BB-Database: System Action Allow | Category Definitions, Database | Event | Edit this BB to include any events that indicate successful actions within a database. | |
| Default-BB-Database: System Action Deny | Category Definitions, Database | Event | Edit this BB to include any events that indicate unsuccessful actions within a database. | |
| Default-BB-Database: User Addition or Change | Category Definitions, Database | Event | Edit this BB to include events that indicate the successful addition or change of user privileges. | |
| Default-BB-DeviceDefinition: Devices to Monitor for High Event Rates | Category Definitions | Event | Edit this BB to include devices you wish to monitor for high event rates. The event rate threshold is controlled by the Default-Rule-Anomaly: Devices with High Event Rates. | |
| Default-BB-FalsePositive: All Default False Positive BBs | False Positive | Event | Edit this BB to include all false positive building blocks. | All Default-BB-FalsePositive building blocks |
| Default-BB-FalsePositive: Broadcast Address False Positive Categories | False Positive | Event | Edit this BB to define all the false positive categories that occur to or from the broadcast address space. | |
| Default-BB-FalsePositive: Database Server False Positive Categories | False Positive | Event | Edit this BB to define all the false positive categories that occur to or from database servers that are defined in the Default-BB-HostDefinition: Database Servers building block. | Default-BB-HostDefinition: Database Servers |
