Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 56

Strm log management users guide

CONFIGURING RULES
Table 4-3 Event Property Tests (continued)

Test: False Positive Tuning
Description: When you tune false positive events in the Event Viewer, the resulting tuning values appear in this test. If you wish to remove a false positive tuning, you can edit this test to remove the necessary tuning values.
Default Test Name: when the false positive signature matches one of the following signatures
Parameters:
signatures - Specify the false positive signature you wish this test to consider. Enter the signature in the following format:
<CAT|QID|ANY>:<value>:<source IP>:<dest IP>
Where:
<CAT|QID|ANY> - Specify whether you wish this false positive signature to consider a category (CAT), Q1 Labs Identifier (QID), or any value.
<value> - Specify the value for the <CAT|QID|ANY> parameter. For example, if you specified QID, you must specify the QID value.
<source IP> - Specify the source IP address you wish this false positive signature to consider.
<dest IP> - Specify the destination IP address you wish this false positive signature to consider.

Test: Username
Description: Valid when the configured username is associated with an event.
Default Test Name: when the event(s) username is this string
Parameters: Configure the following parameters:
is - Specify the value you wish to associate with this test. Options include: is, contains, starts with, or ends with.
this string - Specify a username you wish this test to consider.

IP/Port Tests
The IP/Port tests include:

Table 4-4 IP / Port Test Group

Test: Source Port
Description: Valid when the source port of the event is one of the configured source port(s).
Default Test Name: when the source port is one of the following ports
Parameters: ports - Specify the ports you wish this test to consider.

Test: Destination Port
Description: Valid when the destination port of the event is one of the configured destination port(s).
Default Test Name: when the destination port is one of the following ports
Parameters: ports - Specify the ports you wish this test to consider.

Test: Local Port
Description: Valid when the local port of the event is one of the configured local port(s).
Default Test Name: when the local port is one of the following ports
Parameters: ports - Specify the ports you wish this test to consider.
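
The false positive signature format given for the False Positive Tuning test (<CAT|QID|ANY>:<value>:<source IP>:<dest IP>) can be checked before tuning values are edited. The Python code below is an added example, not code from the STRM guide or product: it parses entries in that format, rejects malformed ones, and lists entries that use ANY and so are not tied to one category or QID. It assumes upper-case selectors, numeric CAT and QID values, and IPv4 literal addresses; the names and sample entries are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Selectors named in the guide; matched case-sensitively (assumption).
KINDS = {"CAT", "QID", "ANY"}

@dataclass(frozen=True)
class FPSignature:
    kind: str
    value: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address

def parse_signature(text):
    """Parse one <CAT|QID|ANY>:<value>:<source IP>:<dest IP> entry."""
    parts = [p.strip() for p in text.split(":")]
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields, got {len(parts)}")
    kind, value, src, dst = parts
    if kind not in KINDS:
        raise ValueError(f"unknown selector {kind!r}")
    # Assumption: CAT and QID values are numeric IDs; the value is not checked for ANY.
    if kind != "ANY" and not value.isdigit():
        raise ValueError(f"{kind} value must be numeric, got {value!r}")
    # IPv4Address raises AddressValueError (a ValueError subclass) on a bad address.
    return FPSignature(kind, value, ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst))

def audit(entries):
    """Return (valid, broad, rejected); broad = valid entries whose selector is ANY."""
    valid, broad, rejected = [], [], []
    for entry in entries:
        try:
            sig = parse_signature(entry)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        valid.append(sig)
        if sig.kind == "ANY":
            broad.append(sig)
    return valid, broad, rejected

# Constructed sample entries, not taken from any real deployment.
SAMPLE = [
    "QID:5000123:10.0.0.5:192.168.1.20", "CAT:4003:10.0.0.5:192.168.1.20",
    "ANY:ANY:10.0.0.9:10.0.0.10",                              # valid but broad
    "QID:abc:10.0.0.5:10.0.0.6", "SIG:12:10.0.0.5:10.0.0.6",   # bad value, bad selector
    "QID:12:10.0.0.300:10.0.0.6", "QID:12:10.0.0.5",           # bad IP, missing field
]

if __name__ == "__main__":
    for entry, reason in audit(SAMPLE)[2]:
        print(f"rejected {entry}: {reason}")
```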
