Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1 Manual page 61


Table 4-8 Sentry Response Parameters (continued)

Parameter: Email
  Sub-Parameter: Recipient(s)
  Action: Specify the recipient(s) of the notification e-mail sent by the sentry engine. Separate multiple entries with a comma.

  Sub-Parameter: Format
  Action: Specify the amount of text included in the e-mail. Options include: Subject Only, Brief, Detailed - Text, Detailed - HTML.

Parameter: Trigger
  Sub-Parameter: Trigger Script
  Action: Using the drop-down list box, specify the action you wish the sentry engine to perform. The options include:
    Trigger Script - Specify if you wish this sentry to use the following:
      SNMP traps - Sentry engine sends an SNMP Trap notification.
      Block IPs - Sentry engine blocks specific IP addresses.
    Parameters - Specify the parameters required to trigger either the SNMP trap or to block IP addresses. Enter parameters in the following format:
      If you are using SNMP version 1:
        1 <community> <IP address>
        1.3.6.1.4.1.20212
      If you are using SNMP version 2:
        2 <community> <IP address>
        1.3.6.1.4.1.20212.200.3
    Note: These default scripts need to be customized for proper use in your environment. To edit the scripts, use SSH to log in to your STRM Console and edit the scripts in the /opt/qradar/triggerbin directory. For assistance, contact your local administrator.

Parameter: Syslog
  Action: Select the check box if you wish to save the sentry event log file to the syslog server.

Step 10  Click Next.
Step 11  Review the sentry details. Click Finish.
STRM Users Guide
Creating a Sentry
55
