Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 55

Table 4-3 Event Property Tests (continued)
Test Description
Credibility Valid when the event
credibility is greater than,
less than, or equal to the
configured value. The
default is 5.
Relevance Valid when the event
relevance is greater than,
less than, or equal to the
configured value. The
default is 5.
Source Valid when the source IP
Location address of the event is
either local or remote.
Destination Valid when the destination
Location IP address of the event is
either local or remote.
Geographic Valid when the source of
this event is located in the
configured geographic
region.
Rate Analysis STRM Log Management
monitors event rates of all
source IP addresses/QIDs
and destination IP
addresses/QIDs and marks
events that exhibit abnormal
rate behavior.
Valid when the event has
been marked for rate
analysis.
Default Test Name
when the event credibility
is greater than 5
{default}
when the event relevance
is greater than 5
{default}
when the source is local
or remote {default:
remote}
when the destination is
local or remote {default:
remote}
when the attacker is
located in this
geographic location
when the event has been
marked with rate analysis
STRM Log Management Users Guide
Creating a Rule
Parameters
Configure the following parameters:
greater than - Specify whether the
•
credibility is greater than, less than,
or equal to the configured value.
this value - Specify the index,
•
which is a value from 0 to 10.
Configure the following parameters:
greater than - Specify whether the
•
relevance is greater than, less than,
or equal to the configured value.
this value - Specify the index,
•
which is a value from 0 to 10.
local or remote - Specify either local
or remote traffic.
local or remote - Specify either local
or remote traffic.
this geographic location - Specify
the geographic regions you wish this
test to consider.
49