Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 117

STRM Log Management Users Guide

Table B-7 Default Building Blocks (continued)

| Building Block | Group | Block Type | Description | Associated Building Blocks, if applicable |
|---|---|---|---|---|
| Default-BB-NetworkDefinition: Honeypot like Addresses | Network Definition | Event | Edit this BB by replacing the other network with network objects defined in your network hierarchy that are currently not in use in your network or are used in a honeypot or tarpit installation. Once these have been defined, you must enable the Default-Rule-Anomaly: Potential Honeypot Access rule. You must also add a security/policy sentry to these network objects to generate events based on attempted access. | |
| Default-BB-NetworkDefinition: NAT Address Range | Network Definition | Event | Edit this BB to define the typical Network Address Translation (NAT) range you wish to use in your deployment. | |
| Default-BB-NetworkDefinition: Server Networks | Network Definition | Event | Edit this BB to include the networks where your servers are located. | |
| Default-BB-NetworkDefinition: Undefined IP Space | Network Definition | Event | Edit this BB to include areas of your network that do not contain any valid hosts. | |
| Default-BB-Policy: Application Policy Violation Events | Policy | Event | Edit this BB to define policy application and violation events. | |
| Default-BB-Policy: IRC/IM Connection Violations | Policy | Event | Edit this BB to define all policy IRC/IM connection violations. | |
| Default-BB-Policy: Policy P2P | Policy | Event | Edit this BB to include all events that indicate Peer-to-Peer (P2P) events. | |
| Default-BB-PortDefinition: Database Ports | Port\Protocol Definition | Event | Edit this BB to include all common database ports. | |
| Default-BB-PortDefinition: DHCP Ports | Port\Protocol Definition | Event | Edit this BB to include all common DHCP ports. | |
| Default-BB-PortDefinition: DNS Ports | Port\Protocol Definition | Event | Edit this BB to include all common DNS ports. | |
| Default-BB-PortDefinition: FTP Ports | Port\Protocol Definition | Event | Edit this BB to include all common FTP ports. | |
| Default-BB-PortDefinition: Game Server Ports | Port\Protocol Definition | Event | Edit this BB to include all common game server ports. | |
