Copying A Rule - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual

52 C R
ONFIGURING ULES
Table 4-6 Device Tests
Test Description
Source Device Valid when one of the
configured source devices is
the source of the event.
Source Device Valid when one of the
Type configured device types is the
source of the event
Devices Valid when the event(s) have
not been detected by the
configured devices.
Device Groups Valid when an event is
detected by the configured
device groups

Copying a Rule

Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Device Tests
The device tests include:
To copy a rule:
Select the Event Viewer tab.
The Event Viewer window appears.
Click Rules.
The Rules List window appears.
In the Display drop-down list box, select Rules.
Select the rule you wish to duplicate.
From the Actions drop-down list box, select Duplicate.
In the Enter name for the copied rule, enter a name for the new rule. Click Ok.
The duplicated rule appears.
Click Edit to edit the tests for the rule.
For more information on editing the rule, see
STRM Log Management Users Guide
Default Test Name
when the event(s) were
detected by one or
more of these device
when the event(s) were
detected by one or
more of these device
types
when the event(s)
have not been
detected by one or
more of these devices
for 300 seconds.
when the event(s) were
detected by one or
more of these device
groups
Parameters
these devices - Specify the devices
that you wish this test to detect.
these device types - Specify the
devices that you wish this test to
detect.
Configure the following parameters:
these devices - Specify the
•
devices you wish this test to
consider.
300 - Specify the time, in
•
seconds, you wish this test to
consider.
these device groups - Specify the
groups you wish this rule to
consider.
Creating a Rule.