Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1 Manual page 54

48 M S
ANAGING ENTRIES
Step 10
Step 11
Table 4-4 Sentry Response Parameters (continued)
Parameter Sub-Parameter Action
Trigger Trigger Script
Syslog
If you did not select the auto learn option:
b
Table 4-5 Security/Policy Sentry Response Parameters
Parameter
High-Level Category
Low-Level Category
Ensure the dispatched
event is part of an offense
Address to mark as the
target
Note: For detailed information on high-level and low-level categories, see the
Event Category Correlation Reference Guide.
Click Next.
Review the sentry details. Click Finish.
STRM Users Guide
Using the drop-down list box, specify the action you
wish the sentry engine to perform. The options include:
Trigger Script - Specify if you wish this sentry to
•
use the following:
SNMP traps - Sentry engine sends an SNMP Trap
notification.
Block IPs - Sentry engine blocks specific IP
addresses.
Parameters - Specify the parameters required to
•
trigger either the SNMP trap or to block IP
addresses. Enter parameters in the following
format:
If you are using SNMP version 1:
1 <community> <IP address>
1.3.6.1.4.1. 20212
If you are using SNMP version 2:
2 <community> <IP address>
1.3.6.1.4.1.20212.200.3
Note: These default scripts need to be customized for
proper use in your environment. To edit the script, use
SSH to login to your STRM Console and edit the
scripts in the /opt/qradar/triggerbin directory. For
assistance, contact your local administrator.
Select the check box if you wish to save the sentry
event log file to the syslog server.
Action
Using the drop-down list box, specify the high-level event
category.
Using the drop-down list box, specify the low-level event
category.
Select the check box if you wish this event to be included
with other events to create an offense.
Using the drop-down list box, identify if you wish the
destination or source IP address to be used as the target.