Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manuals

Manuals and User Guides for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1. We have 6 manuals for this product available for free PDF download: Administration Manual, Manual, Getting Started, Release Note.
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Administration Manual (370 pages)
STRM Administration Guide
Brand: Juniper | Category: Software | Size: 3.36 MB

Table of Contents
Table of Contents ... 3
About this Guide ... 9
Audience ... 9
Conventions ... 9
Technical Documentation ... 9
Documentation Feedback ... 9
Requesting Support ... 10
1 Overview ... 11
About the Interface ... 11
Accessing the Administration Console ... 11
Using the Interface ... 11
Deploying Changes ... 11
Viewing STRM Audit Logs ... 11
Logged Actions ... 13
Viewing the Log File ... 13
2 Managing Users ... 19
Managing Roles ... 19
Creating a Role ... 19
Editing a Role ... 22
Managing User Accounts ... 23
Creating a User Account ... 23
Editing a User Account ... 23
Disabling a User Account ... 23
Authenticating Users ... 26
3 Setting Up STRM ... 29
Managing Your License Keys ... 29
Updating Your License Key ... 29
Exporting Your License Key Information ... 29
Creating Your Network Hierarchy ... 29
Considerations ... 32
Defining Your Network Hierarchy ... 32
Scheduling Automatic Updates ... 36
Scheduling Automatic Updates ... 37
Updating Your Files On-Demand ... 38
Configuring STRM Settings ... 39
Configuring System Notifications ... 44
Configuring the Console Settings ... 47
Starting and Stopping STRM ... 49
Resetting SIM ... 49
Accessing the Embedded SNMP Agent ... 50
Configuring Access Settings ... 51
Configuring Firewall Access ... 51
Updating Your Host Set-Up ... 51
Configuring Interface Roles ... 51
Changing Passwords ... 51
Updating System Time ... 51
4 Managing Backup and Recovery ... 61
Managing Backup Archives ... 61
Viewing Backup Archives ... 61
Importing an Archive ... 61
Deleting a Backup Archive ... 61
Backing up Your Information ... 61
Scheduling Your Backup ... 64
Initiating a Backup ... 64
Restoring Your Configuration Information ... 67
5 Using the Deployment Editor ... 69
About the Deployment Editor ... 69
Accessing the Deployment Editor ... 71
Using the Editor ... 71
Creating Your Deployment ... 73
Before You Begin ... 73
Editing Deployment Editor Preferences ... 74
Building Your Flow View ... 74
Adding STRM Components ... 74
Connecting Components ... 74
Connecting Deployments ... 74
Building Your Event View ... 74
Managing Your System View ... 75
Connecting Components ... 85
Assigning a Component to a Host ... 88
Configuring a Managed Host ... 88
Setting up Managed Hosts ... 88
Using NAT with STRM ... 88
Configuring Host Context ... 89
Configuring STRM Components ... 103
Configuring a Flow Collector ... 103
Configuring a Flow Processor ... 103
Configuring a Classification Engine ... 103
Configuring an Update Daemon ... 103
Configuring a Flow Writer ... 103
Configuring an Event Collector ... 103
Configuring an Event Processor ... 103
Configuring the Magistrate ... 103
6 Managing Flow Sources ... 123
About Flow Sources ... 123
NetFlow ... 123
sFlow ... 123
J-Flow ... 123
Packeteer ... 125
Flowlog File ... 126
Managing Flow Sources ... 126
Adding a Flow Source ... 126
Editing a Flow Source ... 126
Enabling/Disabling a Flow Source ... 126
Deleting a Flow Source ... 130
Managing Flow Source Aliases ... 130
Adding a Flow Source Alias ... 130
Editing a Flow Source Alias ... 130
Deleting a Flow Source Alias ... 130
7 Managing Sentries ... 133
About Sentries ... 133
Viewing Sentries ... 133
Editing Sentry Details ... 133
Managing Packages ... 133
Creating a Sentry Package ... 140
Editing a Sentry Package ... 140
Managing Logic Units ... 143
Creating a Logic Unit ... 143
Editing a Logic Unit ... 146
8 Managing Views ... 147
Using STRM Views ... 147
About Views ... 147
About Global Views ... 147
Defining Unique Objects ... 149
Managing Ports View ... 150
Default Ports Views ... 150
Adding a Ports Object ... 150
Editing a Ports Object ... 150
Managing Application Views ... 154
Default Application Views ... 154
Adding an Applications Object ... 154
Editing an Applications Object ... 154
Managing Remote Networks View ... 159
Default Remote Networks Views ... 159
Adding a Remote Networks Object ... 159
Editing a Remote Networks Object ... 159
Managing Remote Services Views ... 162
Default Remote Services Views ... 162
Adding a Remote Services Object ... 162
Editing a Remote Services Object ... 162
Managing Collector Views ... 166
Adding a Flow Collector Object ... 166
Editing a Flow Collector Object ... 166
Managing Custom Views ... 169
About Custom Views ... 169
Editing Custom Views ... 169
Editing the Equation ... 169
Enabling and Disabling Views ... 180
Using Best Practices ... 182
9 Configuring Rules ... 183
Viewing Rules ... 184
Enabling/Disabling Rules ... 184
Creating a Rule ... 184
Event Rule Tests ... 187
Offense Rule Tests ... 211
Copying a Rule ... 216
Deleting a Rule ... 216
Grouping Rules ... 217
Viewing Groups ... 217
Creating a Group ... 217
Copying an Item to Another Group(s) ... 217
Deleting an Item from a Group ... 217
Assigning an Item to a Group ... 217
Editing Building Blocks ... 221
10 Discovering Servers ... 225
11 Forwarding Syslog Data ... 227
Adding a Syslog Destination ... 227
Editing a Syslog Destination ... 227
Delete a Syslog Destination ... 227
Juniper Networks MIB ... 231
Default Sentries ... 245
Enterprise Template Defaults ... 246
Default Sentries ... 246
Default Custom Views ... 253
IP Tracking Group ... 253
Threats Group ... 253
Attacker Target Analysis Group ... 253
Target Analysis Group ... 253
Policy Violations Group ... 253
ASN Source Group ... 253
ASN Destination Group ... 253
IfIndexIn Group ... 253
IfIndexOut Group ... 253
Threats Group ... 254
Attacker Target Analysis Group ... 257
Target Analysis Group ... 258
Policy Violations Group ... 259
ASN Source Group ... 260
ASN Destination Group ... 260
IfIndexIn Group ... 260
IfIndexOut Group ... 260
QoS Group ... 260
Flow Shape Group ... 261
Default Rules ... 262
Default Building Blocks ... 274
Default Sentries ... 289
University Template Defaults ... 290
Default Sentries ... 290
Default Custom Views ... 297
IP Tracking Group ... 297
Threats Group ... 297
Attacker Target Analysis Group ... 297
Target Analysis Group ... 297
Policy Violations Group ... 297
ASN Source Group ... 297
ASN Destination Group ... 297
IfIndexIn Group ... 297
IfIndexOut Group ... 297
Threats Group ... 298
Attacker Target Analysis Group ... 301
Target Analysis Group ... 302
Policy Violations Group ... 303
ASN Destination Group ... 304
ASN Source Group ... 304
IfIndexIn Group ... 304
IfIndexOut Group ... 304
QoS Group ... 304
Flow Shape Group ... 305
Default Rules ... 306
Default Building Blocks ... 318
Default Sentries ... 333
ISP Template Defaults ... 334
Default Sentries ... 334
Default Custom Views ... 336
IP Tracking Group ... 336
Threats Group ... 336
Attacker Target Analysis Group ... 336
Target Analysis Group ... 336
Policy Violations Group ... 336
ASN Source Group ... 336
ASN Destination Group ... 336
Threats Group ... 337
Attacker Target Analysis Group ... 340
Target Analysis Group ... 341
Policy Violations Group ... 342
IfIndexIn Group ... 343
ASN Source Group ... 343
ASN Destination Group ... 343
QoS Group ... 343
Flow Shape Group ... 344
Default Rules ... 345
Default Building Blocks ... 354
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual (228 pages)
Configuring DSMs
Brand: Juniper | Category: Software | Size: 1.06 MB

Table of Contents
Table of Contents ... 3
Ambiron TrustWave ipAngel ... 13
Apache HTTP Server ... 15
F5 Networks BIG-IP ... 21
Blue Coat SG ... 23
Check Point Firewall-1 ... 25
Check Point Provider-1 ... 31
Cisco ACS ... 35
Cisco ASA ... 37
Cisco CatOS for Catalyst Switches ... 39
Cisco CSA ... 41
Cisco FWSM ... 43
Cisco IDS/IPS ... 45
Cisco NAC Device ... 47
Cisco IOS ... 49
Cisco PIX ... 51
Cisco VPN 3000 Concentrator ... 53
CyberGuard Firewall/VPN Appliance ... 55
Enterasys Dragon ... 57
Enterasys Matrix Router ... 61
Enterasys Matrix N-Series ... 63
ForeScout CounterACT ... 67
Fortinet FortiGate ... 69
Generic Authorization Server ... 71
Generic Firewall ... 75
IBM Proventia Management SiteProtector ... 81
ISS Proventia ... 83
Juniper DX Application Acceleration Platform ... 85
Juniper EX-Series Ethernet Switch ... 87
Juniper NetScreen IDP ... 89
Juniper Networks Secure Access ... 91
Juniper Infranet Controller ... 95
Juniper NetScreen Firewall ... 99
Juniper NSM ... 99
Juniper Router ... 101
Linux DHCP ... 105
Linux iptables ... 107
Linux Login Messages ... 109
McAfee IntruShield ... 111
McAfee ePolicy Orchestrator ... 113
MetaInfo MetaIP ... 115
Microsoft Exchange Server ... 117
Microsoft DHCP Server ... 119
Microsoft IAS Server ... 121
Microsoft SQL Server ... 125
Microsoft Windows Security Event Log ... 127
Niksun ... 129
Nokia Firewall ... 131
Nortel ARN ... 135
Nortel Application Switch ... 137
Nortel Contivity Firewall/VPN ... 139
Nortel VPN Gateway ... 151
OpenBSD ... 153
Open Source SNORT ... 155
Oracle DB Listener ... 161
ProFTPD ... 165
Samhain ... 167
Sun Solaris ... 173
Sun Solaris DHCP ... 175
SonicWALL ... 177
Sun Solaris Sendmail ... 179
Sourcefire Intrusion Sensor ... 181
Squid Web Proxy ... 183
Symantec SGS ... 185
Symantec System Center ... 187
Symark PowerBroker ... 189
TippingPoint Intrusion Prevention System ... 191
TippingPoint X505/X506 Device ... 193
TopLayer ... 195
Trend Micro InterScan VirusWall ... 197
Tripwire ... 199
Universal DSM ... 201
Vericept Content 360 DSM ... 213
Supported DSMs ... 215
Array Network SSL VPN ... 216
Extreme Networks ExtremeWare ... 219
Oracle Audit Records ... 224
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual (94 pages)
Category Offense Investigation Guide
Brand: Juniper | Category: Software | Size: 1.61 MB

Table of Contents
Table of Contents ... 3
About this Guide ... 7
Documentation Feedback ... 7
Requesting Support ... 7
1 Access Offenses ... 9
What Is an Access Offense ... 9
How Do I Investigate an Access Offense ... 10
How Do I Tune an Access Offense ... 13
2 SIM Audit Offenses ... 15
What Is SIM Audit ... 15
How Do I Investigate a SIM Audit Offense ... 15
How Do I Tune a SIM Audit Offense ... 18
Tuning Using False Positive Function ... 18
Tuning Using Custom Rules Wizard ... 20
3 Authentication Offenses ... 23
What Is an Authentication Offense ... 23
How Do I Investigate an Authentication Offense ... 23
How Do I Tune an Authentication Offense ... 27
4 CRE Offenses ... 29
What Is a CRE Offense ... 29
How Do I Investigate a CRE Offense ... 29
How Do I Tune a CRE Offense ... 32
5 Denial of Service (DoS) Offenses ... 33
What Is a DoS Offense ... 33
What Is a DoS Flood Attack ... 33
What Is a DoS Service Exploit ... 34
How Do I Investigate a DoS Offense ... 34
How Do I Tune a DoS Offense ... 38
Tuning Using False Positive Function ... 38
Tuning Using Sentries ... 39
Tuning Using Custom Rules Wizard ... 39
How Can I Verify if STRM Is Receiving Valid DoS Offenses ... 40
6 Exploit Offenses ... 41
What Is an Exploit Attack ... 41
How Do I Investigate an Exploit Offense ... 41
How Do I Tune an Exploit Offense ... 45
How Can I Verify that STRM Is Receiving Valid Exploit Offenses ... 46
7 Malware Offenses ... 47
What Is Malware ... 47
What Is a Malware Offense ... 47
How Do I Investigate a Malware Offense? How Do I Tune a Malware Offense ... 47
8 Network Anomalies Offenses ... 53
What Is a Network Anomaly Offense ... 53
Policy ... 53
Threshold ... 53
Anomaly ... 54
Behavior ... 54
How Do I Investigate a Network Anomaly Offense ... 54
How Do I Tune a Network Anomaly Offense ... 56
9 Policy Offenses ... 57
What Is a Policy Offense ... 57
How Do I Investigate a Policy Offense ... 57
How Do I Tune a Policy Offense ... 60
Tuning Using False Positive Function ... 60
Tuning Using Custom Rules Wizard ... 61
How Can I Verify that STRM Is Receiving Valid Offenses ... 61
10 Potential Exploit Offenses ... 63
What Is a Potential Exploit Offense ... 63
How Do I Investigate a Potential Exploit Offense ... 63
How Do I Tune a Potential Exploit Offense ... 65
11 Reconnaissance Offenses ... 67
What Is Reconnaissance ... 67
What Is Network Reconnaissance ... 67
What Is a Reconnaissance Offense ... 67
How Do I Investigate a Reconnaissance Offense ... 68
How Do I Tune a Reconnaissance Offense ... 71
Tuning Using False Positive Function ... 71
Tuning Using Custom Rules Wizard ... 73
12 Suspicious Activity Offenses ... 75
What Is a Suspicious Attack ... 75
What Is Suspicious Traffic ... 75
What Is a Suspicious Offense ... 75
How Do I Investigate a Suspicious Offense ... 76
How Do I Tune a Suspicious Offense ... 79
13 System Offenses ... 83
What Is a System Offense ... 83
How Do I Investigate a System Offense ... 83
How Do I Tune a System Offense ... 86
How Can I Verify that STRM Is Receiving Valid Offenses ... 87
14 User Defined Offenses ... 89
What Is a User Defined Offense ... 89
How Do I Investigate a User Defined Offense ... 89
How Do I Tune a User Defined Offense ... 92
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Getting Started (10 pages)
Getting Started with STRM Log Management Appliances
Brand: Juniper | Category: Software | Size: 1.06 MB

Table of Contents
Connect to External Devices ... 5
Connect to the Network ... 5
Connect to Power Source ... 5
Configure Time Zone ... 7
Configure Passwords ... 8
Finish Installation ... 8
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Getting Started (14 pages)
Getting Started With STRM Appliances
Brand: Juniper | Category: Software | Size: 1.92 MB
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Release Note (11 pages)
Brand: Juniper | Category: Software | Size: 0.08 MB
Related Products
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1
Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1