Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1 Manual page 101

STRM Users Guide - Viewing Offense By Category (printed page 95)

Table 5-6 By Category Window Parameters

Parameter: Category Name
Description: Allows you to view offenses based on the following high-level categories:

  Application - Events relating to application activity.

  Access - Events resulting from an attempt to access network resources, for example, firewall accept or deny.

  Authentication - Events relating to authentication controls, group, or privilege change, for example, log in or log out.

  CRE - Events generated from an offense or event rule. For more information on creating custom rules, see the STRM Administration Guide.

  DOS - Events relating to Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks against services or hosts, for example, brute force network DoS attacks.

  Exploit - Events relating to application exploits and buffer overflow attempts, for example, buffer overflow or web application exploits.

  Malware - Events relating to viruses, trojans, back door attacks, or other forms of hostile software. This may include a virus, trojan, malicious software, or spyware.

  Network Anomalies - Network traffic patterns that indicate new threats, misuse of assets, and even small changes in expected behavior. For more information on network anomaly offenses, see Managing Network Anomalies. Closing an offense does not affect the count in the Network Anomalies category, since Network Anomaly offenses are maintained by live time series data.

  Policy - Events regarding corporate policy violations or misuse.

  Potential Exploit - Events relating to potential application exploits and buffer overflow attempts.

  Recon - Events relating to scanning and other techniques used to identify network resources, for example, network or host port scans.

  SIM Audit - Events relating to suspicious or unapproved SIM audit events.

  Suspicious Activity - The nature of the threat is unknown but the behavior is suspicious, including protocol anomalies that potentially indicate evasive techniques, for example, packet fragmentation or known IDS evasion techniques.