Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 49

STRM Log Management Users Guide

Creating a Rule

Table 4-1 Functions Group (continued)

Test: Multi-Rule Function

Description: You can also use building blocks or existing rules to populate this test. Allows you to detect a series of rules for a specific IP address or port followed by a series of specific rules for a specific port or IP address.

Default Test Name: when all of these rules, in order, with the same destination IP address/port followed by all of these rules in order with the same IP address/port from the previous source, within this many time intervals

Parameters: Configure the following parameters:
rules - Specify the rules you wish this test to consider.
in - Specify if you wish this test to consider rules in a specific order.
destination - Specify whether you wish this test to consider destination or source IP address or port.
IP address/Port - Specify if you wish this test to consider the IP address or port.
rules - Specify the rules you wish this test to consider.
in - Specify if you wish this test to consider rules in a specific order.
IP address/port - Specify if you wish this test to consider the IP address or port.
this many - Specify the number of time intervals you wish this rule to consider.
time intervals - Specify the time interval you wish this rule to consider. The options are: seconds, minutes, hours, or days.
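The correlation this test describes can be sketched outside the product. The following Python is an added example, not STRM code or part of the original guide: it takes one reading of the default test name (first series keyed on destination IP, second series with that same IP as source, both "in order") and runs it over constructed records. The rule names, the record layout and the function multi_rule are assumptions made for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: (time, rule that fired, source IP, destination IP).
# Rule names are hypothetical, not rules shipped with STRM.
FIRED = [
    ("2008-06-01 10:00:00", "Recon Scan",     "198.51.100.7", "10.0.0.5"),
    ("2008-06-01 10:00:40", "Login Failure",  "198.51.100.7", "10.0.0.5"),
    ("2008-06-01 10:01:10", "Recon Scan",     "198.51.100.7", "10.0.0.9"),
    ("2008-06-01 10:02:00", "Outbound Scan",  "10.0.0.5",     "10.0.0.20"),
    ("2008-06-01 10:03:30", "Outbound Login", "10.0.0.5",     "10.0.0.21"),
    ("2008-06-01 10:30:00", "Outbound Scan",  "10.0.0.9",     "10.0.0.20"),
]
FIRST = ["Recon Scan", "Login Failure"]        # first "rules" parameter
SECOND = ["Outbound Scan", "Outbound Login"]   # second "rules" parameter
WINDOW = timedelta(minutes=5)                  # "this many" + "time intervals"

def multi_rule(fired, first, second, window, first_field="dst", second_field="src"):
    """Return (ip, start, end) for every IP where the `first` rules fire in
    order with that IP in first_field, followed by the `second` rules in
    order with the same IP in second_field, all inside `window`."""
    wanted = list(first) + list(second)
    progress = {}  # ip -> (index of next expected rule, time the series began)
    hits = []
    for ts, rule, src, dst in sorted(fired):
        when = datetime.strptime(ts, FMT)
        rec = {"src": src, "dst": dst}
        for ip in {src, dst}:
            pos, start = progress.pop(ip, (0, when))
            if when - start > window:      # window expired: start over
                pos, start = 0, when
            field = first_field if pos < len(first) else second_field
            if rec[field] == ip and rule == wanted[pos]:
                pos += 1
            if pos == len(wanted):         # both series seen in order
                hits.append((ip, start.strftime(FMT), ts))
            elif pos:
                progress[ip] = (pos, start)
    return hits

if __name__ == "__main__":
    for hit in multi_rule(FIRED, FIRST, SECOND, WINDOW):
        print(hit)
```

Only 10.0.0.5 completes both series inside the window; 10.0.0.9 matches the first rule of the first series but its later outbound match arrives after the window has expired.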