Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1 Manual page 234


228 GLOSSARY

external data views
Require input from external products, such as an IDS engine (for example, SNORT) or firewalls (for example, Cisco PIX or Checkpoint Firewall). These external products provide information to STRM on specified IP addresses that are correlated to the flows responsible. STRM monitors flows between these systems and tags traffic between the hosts for a configured period of time.

event
Record from a device that describes an action on a network or host.

Event Collector
Collects security events from various types of security devices in your network. The Event Collector gathers events from local, remote, and device sources. The Event Collector then normalizes the events and sends the information to the Event Processor.

Event Processor
Processes flows collected from one or more Event Collector(s). The events are bundled once again to conserve network usage. Once received, the Event Processor correlates the information from STRM and distributes it to the appropriate area, depending on the type of event.

flow
Communication session between two hosts. Describes how traffic is communicated, what was communicated (if the content capture option has been selected), and includes such details as when, who, how much, protocols, priorities, options, etc.

flow data
Specific properties of a flow including: IP addresses, ports, protocol, bytes, packets, flags, direction, application ID, and payload data (optional).

flow logs
Record of flows that enables the system to understand the context of a particular transmission over the network. Flows are stored in flow logs.

Flow Processor
Collects and consolidates data from one or more QFlow Collector(s). Functions include removing duplicate flows and creating superflows (aggregate flows) before the flows reach the Classification Engine.

flow sources
Source of flows that the QFlow Collector receives. Using the deployment editor, you can add internal and external flow sources from either the System or Flow Views in the deployment editor.

flow type view
Allows you to view network activity according to flow types. This depends on the ratio of incoming activity to outgoing activity.

Flow View
Allows you to create a view that outlines how flows are processed in your deployment by allocating and connecting flow-based components. For example, connecting a QFlow Collector to a Flow Processor.

Fully Qualified Domain Name (FQDN)
The portion of an Internet Uniform Resource Locator (URL) that fully identifies the server program that an Internet request is addressed to.

STRM Users Guide


This manual is also suitable for:

Security threat response manager 2008.2 r2
