Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 125

STRM Log Management Users Guide

network hierarchy
Contains each component of your network, and identifies which objects belong within other objects. The accuracy and completeness of this hierarchy is essential to traffic analysis functions. The network hierarchy provides for storage of flow logs, databases, and TopN files.

network objects
Components of your network hierarchy. You can add layers to the hierarchy by adding additional network objects and associating them to already defined objects. (Objects that contain other objects are called groups.)

Network Weight
The numerical value applied to each network that signifies the importance of the network. The Network weight is user defined.

Open Systems Interconnection (OSI)
A framework of ISO standards for communication between different systems made by different vendors, in which the communications process is organized into seven different categories that are placed in a layered sequence based on their relationship to the user. Each layer uses the layer immediately below it and provides a service to the layer above. Layers 7 through 4 deal with end-to-end communication between the message source and destination, and layers 3 through 1 deal with network functions.

OSI
See Open Systems Interconnection.

protocol
A set of rules and formats that determines the communication behavior of layer entities in the performance of the layer functions. It may still require an authorization exchange with a policy module or external policy server prior to admission.

QID
STRM Identifier. A mapping of a single event of an external device to a Q1 Labs unique identifier.

STRM Time
The right corner of the STRM interface displays STRM time, which is the time of the STRM Console. This is the time that determines the time of events and offenses.

refresh timer
Dashboard features a dynamic status bar that displays the amount of time until STRM automatically refreshes the current network activity data; built-in refresh can be manually refreshed at any time.

relevance
Relevance determines the significance of an event, category or offense.

reports
A function that creates executive or operational level charting representations of network activity based on time, attackers, offenses, security, and events.

report interval
A configurable time interval at which the Flow Processor must send all captured flow data to the Console.

rule
Collection of conditions and consequent actions. You can configure rules that allow STRM to capture and respond to specific event sequences. The rules allow