Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 46

40 C R
ONFIGURING ULES
Table 4-1 Functions Group
Test Description
Multi-Rule Allows you to use saved
Event Function building blocks and other rules
to populate this test. The event
has to match either all or any of
the selected rules. If you wish to
create an OR statement for this
rule test, specify the any
parameter.
Multi-Rule Allows you to use saved
Event Function building blocks or other rules to
populate this test. This function
allows you to detect a specific
sequence of selected rules
involving a source and
destination within a configured
time period.
Default Test Name
when an event
matches any of the
following rules
when all of these
rules, in order, from
the same IP
address/Port/QID/
Event/Device/
Category {default:
source IP} to the
same destination IP,
over this many time
intervals
STRM Log Management Users Guide
Parameters
Configure the following parameters:
any - Specify either any or all of
•
the configured rules apply to this
test.
rules - Specify the rules you wish
•
this test to consider.
Configure the following parameters:
these rules - Specify the rules you
•
wish this test to consider.
in - Specify whether you wish this
•
rule to consider in or in any order.
the same - Specify if you wish this
•
rule to consider the same or any of
the source to destination port or IP
address.
IP address/Port/QID/
•
Event/Device/ Category - Specify
whether you wish this rule to
consider a source IP address,
source port, QID, device event ID,
device, or category.
the same - Specify if you wish this
•
rule to consider the same or any of
the source to destination port or IP
address.
destination IP - Specify whether
•
you wish this rule to consider a
destination IP or port.
this many - Specify the number of
•
time intervals you wish this rule to
consider.
time intervals - Specify the time
•
interval you wish this rule to
consider. The options are:
seconds, minutes, hours, or days.