Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1 Manual page 232

226 G
LOSSARY
behavior
behavior sentry
branch filtering
branding
calculated layers
CIDR
Classification Engine
Classless
Inter-Domain Routing
(CIDR)
client
coalescing interval
Console
content capture
Indicates the normal manner in which the system or network functions or operates.
Monitors your deployment to detect changes in behavior. STRM learns how a
particular object typically functions over a period of time. This means that STRM
records the number of hosts with your network at different points of the day. This
allows STRM to develop an accurate profile of seasonal behavior.
Breaks up the network hierarchy and divides it into sections. Branch filtering
enhances performance and divides the processing load across several
Classification Engines.
A reporting option that enables a STRM user to upload custom logos for
customized reports.
Typically, identifies small changes in activity or isolates low levels of activity on a
busy network segment. Calculated Layers applies mathematical function to the
Y-axis units of the STRM main graph.
See Classless Inter-Domain Routing.
Receives inputs from one or more Flow Processor(s), classifies the flows into
views and objects, and outputs the resulting data and flow logs to the Update
Daemon to be stored on disk.
Addressing scheme for the Internet, which allocates and species Internet
addresses used in inter-domain routing. With CIDR, a single IP address can be
used to designate many unique IP addresses.
The host that originates communication.
The interval for coalescing (bundling) events is 10 seconds, beginning with the first
event that does not match any currently coalescing events. Within the interval, the
first three matching events are released immediately to the Event Processor and
the fourth and subsequent events are coalesced such that the payload and other
features are kept from the fourth event. Each arrival of a matching event during the
interval increments the event count of the fourth event. At the end of the interval,
the coalesced event is released to the Event Processor and the next interval
begins for matching events. If no matching events arrive during this interval, the
process restarts. Otherwise, the coalescing continues with all events counted and
released in 10 second intervals.
Web interface for STRM. STRM is accessed from a standard web browser
(preferably Internet Explorer 6.0 /7.0 or Mozilla Firefox 2.0). When you access the
system, a prompt appears for a user name and password, which must be
configured in advance by the STRM administrator.
QFlow Collectors capture a configurable amount of payload and store the data in
the flow logs. You can view this data using the View Flows function.
STRM Users Guide