Viewing Aggregate Normalized Events - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1 Manual

Using the Event Viewer

Viewing Aggregate Normalized Events
Table 6-6 Raw Events Parameters (continued)

Parameter    Description
Start Time   Specifies the time of the first event, as reported to STRM by the device.
Device       Specifies the device that originated the event.
Payload      Specifies the original event payload information in UTF-8 format.

Using the Event Viewer, you can view events aggregated (grouped) by various options. Table 6-7 describes each aggregate option.

Table 6-7 Aggregate Normalized Events

Aggregate Option      Description
Event Name            Displays a summarized list of events grouped by the normalized name of the event.
Source IP             Displays a summarized list of events grouped by the source IP address of the event.
Destination IP        Displays a summarized list of events grouped by the destination IP address of the event.
Source Port           Displays a summarized list of events grouped by the source port of the event.
Destination Port      Displays a summarized list of events grouped by the destination port of the event.
High Level Category   Displays a summarized list of events grouped by the high-level category of the event. For more information on categories, see the Event Category Correlation Reference Guide.
Low Level Category    Displays a summarized list of events grouped by the low-level category of the event. For more information on categories, see the Event Category Correlation Reference Guide.
Magnitude             Displays a summarized list of events grouped by the magnitude of the event. The variables used to calculate magnitude include credibility, relevance, and severity.
Credibility           Displays a summarized list of events grouped by the credibility of the event. Credibility indicates the integrity of an event as determined by the credibility rating of the source devices; credibility increases as multiple sources report the same event.
Severity              Displays a summarized list of events grouped by the severity of the event. Severity indicates the level of threat an attacker poses in relation to how prepared the target is for the attack. This value is mapped to the event category that is correlated to the offense.
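As an added illustration (not code from the STRM manual or from Juniper), the following Python script builds the aggregate views that Table 6-7 describes from a handful of constructed normalized events, so you can see what an aggregate row collapses the raw rows into: the event count, the Start Time of the earliest event, and the distinct devices that reported the group. The event field names, the sample events and the magnitude() weighting are assumptions; the page lists only the inputs to magnitude and gives no formula.

```python
"""Aggregate views over normalized events, in the style of Table 6-7.

Added example, not code from the STRM manual or from Juniper. The event
field names, the sample events and the magnitude() weighting are all
assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Table 6-7 aggregate options, mapped to the event field they group on.
# The field names are assumed; the page does not name STRM's internal fields.
AGGREGATE_OPTIONS = {
    "Event Name": "event_name",
    "Source IP": "source_ip",
    "Destination IP": "destination_ip",
    "Source Port": "source_port",
    "Destination Port": "destination_port",
    "High Level Category": "high_level_category",
    "Low Level Category": "low_level_category",
    "Magnitude": "magnitude",      # derived, see magnitude()
    "Credibility": "credibility",
    "Severity": "severity",
}


def event(name, src, dst, sport, dport, hcat, lcat, cred, rel, sev, ts, device, payload):
    """Build one constructed normalized event (keys are assumed, not STRM's)."""
    return {
        "event_name": name, "source_ip": src, "destination_ip": dst,
        "source_port": sport, "destination_port": dport,
        "high_level_category": hcat, "low_level_category": lcat,
        "credibility": cred, "relevance": rel, "severity": sev,
        # Table 6-6 raw-event parameters: Start Time, Device, Payload
        "start_time": ts, "device": device, "payload": payload,
    }


# Constructed sample events (not real STRM data). The first two are the same
# failed login seen by two different reporting devices.
EVENTS = [
    event("SSH Login Failed", "10.0.0.5", "192.168.1.10", 51000, 22,
          "Authentication", "User Login Failure", 5, 6, 4,
          datetime(2008, 6, 1, 10, 0, 0), "fw-edge-1",
          "sshd[123]: Failed password for root from 10.0.0.5 port 51000"),
    event("SSH Login Failed", "10.0.0.5", "192.168.1.10", 51000, 22,
          "Authentication", "User Login Failure", 7, 6, 4,
          datetime(2008, 6, 1, 10, 0, 2), "linux-srv-10",
          "sshd[123]: Failed password for root from 10.0.0.5 port 51000"),
    event("SSH Login Failed", "10.0.0.5", "192.168.1.11", 51002, 22,
          "Authentication", "User Login Failure", 5, 5, 4,
          datetime(2008, 6, 1, 10, 0, 5), "fw-edge-1",
          "sshd[77]: Failed password for admin from 10.0.0.5 port 51002"),
    event("HTTP Directory Traversal", "172.16.4.9", "192.168.1.20", 40312, 80,
          "Exploit", "Web Exploit", 8, 9, 8,
          datetime(2008, 6, 1, 10, 1, 0), "ids-dmz",
          "GET /cgi-bin/../../../../etc/passwd HTTP/1.0"),
    event("Firewall Permit", "10.0.0.7", "192.168.1.20", 40555, 80,
          "Access", "Firewall Permit", 5, 2, 1,
          datetime(2008, 6, 1, 10, 1, 30), "fw-edge-1",
          "permit tcp 10.0.0.7:40555 -> 192.168.1.20:80"),
]


def magnitude(ev):
    """Illustrative magnitude on the 0-10 scale.

    The page says magnitude is calculated from credibility, relevance and
    severity but gives no formula, so this plain average is an assumption,
    not STRM's algorithm.
    """
    return round((ev["credibility"] + ev["relevance"] + ev["severity"]) / 3)


def aggregate(events, option):
    """Return {group value: summary} for one Table 6-7 aggregate option.

    Each summary is what an aggregate row collapses the raw rows into: the
    event count, the Start Time of the earliest event, the distinct devices
    that reported the group (the "multiple sources" behind credibility), and
    the worst severity and magnitude in the group.
    """
    field = AGGREGATE_OPTIONS[option]
    groups = defaultdict(list)
    for ev in events:
        key = magnitude(ev) if field == "magnitude" else ev[field]
        groups[key].append(ev)
    return {
        key: {
            "count": len(members),
            "first_seen": min(m["start_time"] for m in members),
            "reporting_devices": sorted({m["device"] for m in members}),
            "max_severity": max(m["severity"] for m in members),
            "max_magnitude": max(magnitude(m) for m in members),
        }
        for key, members in groups.items()
    }


if __name__ == "__main__":
    for option in ("Event Name", "Destination Port", "Magnitude"):
        print(f"== Aggregated by {option} ==")
        for key, row in sorted(aggregate(EVENTS, option).items(), key=lambda kv: str(kv[0])):
            print(f"  {key!s:28} count={row['count']} first={row['first_seen'].time()} "
                  f"devices={row['reporting_devices']} max_mag={row['max_magnitude']}")
```

Grouping by Event Name collapses the three failed logins into one row reported by two devices, which is the situation the Credibility description refers to; grouping by Destination Port shows the same five events from a different angle (three on port 22, two on port 80). Any field can be grouped on with the same function because the view is just a dictionary keyed on that field.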
STRM Users Guide