Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - REV1 Manual page 83

5 INVESTIGATING OFFENSES

The Offense Manager allows you to investigate offenses, behaviors, anomalies,
targets, and attackers on your network. STRM can correlate events and network
activity with targets located across multiple networks in the same offense, and
ultimately the same network incident. This allows you to effectively investigate
each offense in your network. You can navigate the interface to investigate the
event details to determine the unique events that caused the offense.

Using the Offense Manager, you can access and analyze the following:

• Offenses - An offense includes multiple events originating from one host. The
  Offense Manager displays offenses that include traffic and vulnerabilities that
  collaborate and validate the magnitude of an offense. The magnitude of an
  offense is determined by several tests that are performed on an offense every
  time it has been scheduled for re-evaluation, usually because events have been
  added or the minimum time for scheduling has occurred.
• Attackers - A device that is attempting to breach the security of a component
  on your network. An attacker may be attempting unauthorized access actively
  or passively using various methods of attack, such as reconnaissance or Denial
  of Service (DoS) attacks.
• Targets - A device that an attacker is attempting to access.

You can also use the Offense Manager to manage your offenses by adding notes,
marking an offense for follow-up, assigning offenses to users, or closing resolved
offenses. The Offense Manager allows you to investigate flows associated with
specific offenses for forensic analysis.

This chapter provides information on using the Offense Manager including:

• Using the Offense Manager
• Managing My Offenses
• Managing Offenses
• Viewing Offense By Category
• Managing Offenses By Attacker
• Managing Offenses By Targets
• Managing Offenses By Networks

STRM Users Guide

This manual is also suitable for:

Security threat response manager 2008.2 r2
