Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 47
Strm log management users guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1:
- Manual (36 pages) ,
- Administration manual (92 pages) ,
- Manual (246 pages)
Table of Contents
Advertisement
Table 4-1 Functions Group (continued)
Test
Description
Multi-Rule
Allows you to use saved
Event Function
building blocks or other rules to
populate this test. You can use
this function to detect a number
of specified rules, in sequence,
involving a source and
destination within a configured
time interval.
Multi-Event
Allows you to detect a sequence
Sequence
of selected rules involving the
Function
same source and destination
Between Hosts
hosts within the configured time
intervals. You can also use
saved building blocks and other
rules to populate this test.
Default Test Name
when at least this
number of these
rules, in order, from
the same IP
address/Port/QID/
Event/Device/
Category {default:
source IP} to the
same destination IP,
over this many time
intervals
when this sequence of
rules, involving the
same source and
destination hosts in
this many time
intervals
STRM Log Management Users Guide
Creating a Rule
Parameters
Configure the following parameters:
this number - Specify the number
•
of rules you wish this function to
consider.
these rules - Specify the rules you
•
wish this test to consider.
in - Specify whether you wish this
•
rule to consider in or in any order.
the same - Specify if you wish this
•
rule to consider the same or any of
the source to destination port or IP
address.
IP address/Port/QID/
•
Event/Device/ Category - Specify
whether you wish this rule to
consider a source IP address,
source port, QID, device event ID,
device, or category,
the same - Specify if you wish this
•
rule to consider the same or any of
the source to destination port or IP
address.
destination IP - Specify whether
•
you wish this rule to consider a
destination IP or port.
this many - Specify the number of
•
time intervals you wish this rule to
consider.
time intervals - Specify the time
•
interval you wish this rule to
consider. The options are:
seconds, minutes, hours, or days.
Configure the following parameters:
of rules - Specify the rules you
•
wish this test to consider
this many - Specify the number of
•
time intervals you wish this test to
consider.
time intervals - Specify the time
•
measurement value, seconds,
minutes, hours, or days you wish
to apply to this test.
41
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series