Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 113
Strm log management users guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1:
- Manual (36 pages) ,
- Administration manual (92 pages) ,
- Manual (246 pages)
Table of Contents
Advertisement
Table B-7 Default Building Blocks (continued)
Building Block
Default-BB-FalsePositive:
Remote Attacker to
Internal Target False
Positives
Default-BB-FalsePositive:
RPC Server False
Positive Categories
Default-BB-FalsePositive:
RPC Server False
Positive Events
Default-BB-FalsePositive:
SNMP Sender or
Receiver False Positive
Categories
Default-BB-FalsePositive:
SNMP Sender or
Receiver False Positive
Events
Default-BB-FalsePositive:
Source IP and Specific
Event
Default-BB-FalsePositive:
SSH Server False
Positive Categories
Default-BB-FalsePositive:
SSH Server False
Positive Events
Default-BB-FalsePositive:
Syslog Sender False
Positive Categories
Default-BB-FalsePositive:
Syslog Sender False
Positive Events
Block
Group
Type
False
Event Edit this BB to define all the false
Positive
False
Event Edit this BB to define all the false
Positive
False
Event Edit this BB to define all the false
Positive
False
Event Edit this BB to define all the false
Positive
False
Event Edit this BB to define all the false
Positive
False
Event Edit this BB to include source IP
Positive
False
Event Edit this BB to define all the false
Positive
False
Event Edit this BB to define all the false
Positive
False
Event Edit this BB to define all false
Positive
False
Event Edit this BB to define all false
Positive
STRM Log Management Users Guide
Description
positive QIDs that occur to or from
Remote-to-Local (R2L) based
servers.
positive categories that occur to or
from RPC servers that are defined
in the Default-BB-HostDefinition:
RPC Servers building block.
positive QIDs that occur to or from
RPC servers that are defined in
the Default-BB-HostDefinition:
RPC Servers building block.
positive categories that occur to or
from SNMP servers that are
defined in the
Default-BB-HostDefinition: SNMP
Servers building block.
positive QIDs that occur to or from
SNMP servers that are defined in
the Default-BB-HostDefinition:
SNMP Servers building block.
addresses or specific events that
you wish to remove.
positive categories that occur to or
from SSH servers that are defined
in the Default-BB-HostDefinition:
SSH Servers building block.
positive QIDs that occur to or from
SSH servers that are defined in the
Default-BB-HostDefinition: SSH
Servers building block.
positive categories that occur to or
from syslog sources.
positive events that occur to or
from syslog sources or
destinations.
Default Building Blocks
Associated Building
Blocks, if applicable
Default-BB-HostDefinition:
RPC Servers
Default-BB-HostDefinition:
RPC Servers
Default-BB-HostDefinition:
SNMP Servers
Default-BB-HostDefinition:
SNMP Servers
Default-BB-HostDefinition:
SSH Servers
Default-BB-HostDefinition:
SSH Servers
Default-BB-HostDefinition:
Syslog Servers and
Senders
Default-BB-HostDefinition:
Syslog Servers and
Senders
107
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series