Table of Contents
Advertisement
58
M
S
ANAGING
ENTRIES
Table 4-9 Anomaly Sentry Parameters
Parameter
Large Window
Small Window
Percent change
required to alert
Layer
Direction
Test as group
Date is relevant
Day of week is relevant
Time of day is relevant
STRM Users Guide
Action
Specify an extended period of time you wish the system to
monitor flows in your network. This allows the system a
basis of comparison for traffic over an extended period of
time. If the large window and small window values exceed
a certain threshold, the sentry generates an alert.
We recommend that you include at least two cycles for
comparison. For example, if your network is experiences
high traffic volume during the day but less traffic at night,
you should set this parameter to at least two cycles for
comparison.
Specify a period of time you wish the system to monitor
flows in your network. This allows the system a basis of
comparison for traffic over an smaller period of time. If the
large window and small window values exceed a certain
threshold, the sentry generates an alert.
We recommend that you set the small window to at least
twice as large as a typical burst of traffic. For example, if
your network experiences bursts of traffic that exist for 30
minutes, set this value to at least 1 hour.
Specify the percentage change in behavior this view must
experience before the sentry generates an alert. For a low
activity network, set this value to a high value. For a high
activity network, set this to a low percentage value.
Specifies the property and measurement used in the Y-axis
of the Network Surveillance graphs. The current value
being used to draw the graphs is displayed in red in the
Layers console. The values that can be used include bytes,
packets, number of hosts, and others.
Specify the direction of traffic you wish this sentry to
monitor. The options are In, Out, or Both.
Select the check box if you wish all objects to add together
to be tested. For example, when selected, the top line of
the graph is evaluated as a group. If the check box is clear,
you wish all objects to be tested independently.
Select the check box if you wish this sentry to consider
date. When selected, date fields appear. Enter the relevant
dates you wish this sentry to monitor. By default, the check
box is clear.
Select the check box if you wish this sentry to consider the
day of the week. When selected, the day of the week fields
appear. Using the drop-down list boxes, select the relevant
days you wish this sentry to consider. By default, the check
box is clear.
Select the check box if you wish this sentry to consider the
time of day. When selected, the time of day fields appear.
Using the drop-down list box, select the time of day you
wish this sentry to consider.
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1
- Juniper NETWORKS STRM - TECHNICAL NOTE REV 6-2008
- Juniper JUNOS - NETWORK OPERATION GUIDE REV1
- Juniper JUNOSE 11.1.0 - REV 4-29-2010
- Juniper MEDIA FLOW CONTROLLER 2.0.5 - S REV 15-11-2010
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - INSTALLATION REV1
- Juniper E SERIES BROADBAND SERVICES ROUTERS 11.3.X - E120 AND E320 MODULE GUIDE REV 01-10-2010
- Juniper E SERIES BROADBAND SERVICES ROUTERS 11.3.X - E120 AND E320 HARDWARE GUIDE REV 9-29-2010
- Juniper E SERIES BROADBAND SERVICES ROUTERS 11.3.X - ERX MODULE GUIDE REV 27-9-2010