Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Administration Manual

Category
Software
Type
Administration Manual
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089
USA
408-745-2000
www.juniper.net
Part Number: 530-025612-01, Revision 1
Security Threat Response Manager
STRM Administration Guide
Release 2008.2
2 î‚„
Copyright Notice
Copyright © 2008 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper
Networks Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this
document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks
assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves
the right to change, modify, transfer, or otherwise revise this publication without notice.
FCC Statement
The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A
digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and
used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. The following
information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it
is not installed in accordance with NetScreen’s installation instructions, it may cause interference with radio and television reception. This equipment has
been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These
specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that
interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be
determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Consult the dealer or an experienced radio/TV
technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.
Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.
Disclaimer
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET
THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE
SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.
STRM Administration Guide
Release 2008.2
Copyright © 2008, Juniper Networks, Inc.
All rights reserved. Printed in USA.
Revision History
June 2008—Revision 1
The information in this document is current as of the date listed in the revision history.
CONTENTS
ABOUT THIS GUIDE
Audience 1
Conventions 1
Technical Documentation 1
Documentation Feedback 1
Requesting Support 2
1 OVERVIEW
About the Interface 3
Accessing the Administration Console 4
Using the Interface 4
Deploying Changes 5
Viewing STRM Audit Logs 5
Logged Actions 5
Viewing the Log File 8
2 MANAGING USERS
Managing Roles 11
Creating a Role 11
Editing a Role 14
Managing User Accounts 15
Creating a User Account 15
Editing a User Account 17
Disabling a User Account 17
Authenticating Users 18
3 SETTING UP STRM
Managing Your License Keys 21
Updating your License Key 22
Exporting Your License Key Information 23
Creating Your Network Hierarchy 24
Considerations 24
Defining Your Network Hierarchy 25
Scheduling Automatic Updates 28
Scheduling Automatic Updates 29
Updating Your Files On-Demand 30
Configuring STRM Settings 31
Configuring System Notifications 36
Configuring the Console Settings 39
Starting and Stopping STRM 41
Resetting SIM 41
Accessing the Embedded SNMP Agent 42
Configuring Access Settings 43
Configuring Firewall Access 43
Updating Your Host Set-up 45
Configuring Interface Roles 46
Changing Passwords 47
Updating System Time 48
4 MANAGING BACKUP AND RECOVERY
Managing Backup Archives 53
Viewing Back Up Archives 53
Importing an Archive 54
Deleting a Backup Archive 55
Backing Up Your Information 56
Scheduling Your Backup 56
Initiating a Backup 58
Restoring Your Configuration Information 59
5 USING THE DEPLOYMENT EDITOR
About the Deployment Editor 62
Accessing the Deployment Editor 63
Using the Editor 63
Creating Your Deployment 65
Before you Begin 65
Editing Deployment Editor Preferences 66
Building Your Flow View 66
Adding STRM Components 67
Connecting Components 69
Connecting Deployments 70
Renaming Components 73
Building Your Event View 73
Adding Components 75
Connecting Components 77
Forwarding Normalized Events 77
Renaming Components 80
Managing Your System View 80
Setting Up Managed Hosts 81
Using NAT with STRM 87
Configuring a Managed Host 91
Assigning a Component to a Host 91
Configuring Host Context 92
Configuring STRM Components 95
Configuring a Flow Collector 95
Configuring a Flow Processor 98
Configuring a Classification Engine 104
Configuring an Update Daemon 106
Configuring a Flow Writer 108
Configuring an Event Collector 109
Configuring an Event Processor 110
Configuring the Magistrate 112
6 MANAGING FLOW SOURCES
About Flow Sources 115
NetFlow 115
sFlow 116
J-Flow 117
Packeteer 117
Flowlog File 118
Managing Flow Sources 118
Adding a Flow Source 118
Editing a Flow Source 120
Enabling/Disabling a Flow Source 121
Deleting a Flow Source 122
Managing Flow Source Aliases 122
Adding a Flow Source Alias 122
Editing a Flow Source Alias 123
Deleting a Flow Source Alias 124
7 MANAGING SENTRIES
About Sentries 125
Viewing Sentries 126
Editing Sentry Details 127
Managing Packages 132
Creating a Sentry Package 132
Editing a Sentry Package 134
Managing Logic Units 135
Creating a Logic Unit 135
Editing a Logic Unit 138
8 MANAGING VIEWS
Using STRM Views 139
About Views 139
About Global Views 140
Defining Unique Objects 141
Managing Ports View 142
Default Ports Views 142
Adding a Ports Object 142
Editing a Ports Object 144
Managing Application Views 146
Default Application Views 146
Adding an Applications Object 147
Editing an Applications Object 149
Managing Remote Networks View 151
Default Remote Networks Views 151
Adding a Remote Networks Object 151
Editing a Remote Networks Object 153
Managing Remote Services Views 154
Default Remote Services Views 154
Adding a Remote Services Object 155
Editing a Remote Services Object 156
Managing Collector Views 158
Adding a Flow Collector Object 158
Editing a Flow Collector Object 159
Managing Custom Views 161
About Custom Views 161
Editing Custom Views 170
Editing the Equation 171
Enabling and Disabling Views 172
Using Best Practices 174
9 CONFIGURING RULES
Viewing Rules 176
Enabling/Disabling Rules 177
Creating a Rule 177
Event Rule Tests 194
Offense Rule Tests 203
Copying a Rule 208
Deleting a Rule 208
Grouping Rules 209
Viewing Groups 209
Creating a Group 209
Editing a Group 211
Copying an Item to Another Group(s) 211
Deleting an Item from a Group 213
Assigning an Item to a Group 213
Editing Building Blocks 213
10 DISCOVERING SERVERS
11 FORWARDING SYSLOG DATA
Adding a Syslog Destination 219
Editing a Syslog Destination 220
Delete a Syslog Destination 221
A JUNIPER NETWORKS MIB
B ENTERPRISE TEMPLATE DEFAULTS
Default Sentries 237
Default Custom Views 245
IP Tracking Group 245
Threats Group 246
Attacker Target Analysis Group 249
Target Analysis Group 250
Policy Violations Group 251
ASN Source Group 252
ASN Destination Group 252
IFIndexIn Group 252
IFIndexOut Group 252
QoS Group 252
Flow Shape Group 253
Default Rules 254
Default Building Blocks 266
C UNIVERSITY TEMPLATE DEFAULTS
Default Sentries 281
Default Custom Views 289
IP Tracking Group 289
Threats Group 290
Attacker Target Analysis Group 293
Target Analysis Group 294
Policy Violations Group 295
ASN Source Group 296
ASN Destination Group 296
IFIndexIn Group 296
IFIndexOut Group 296
QoS Group 296
Flow Shape Group 297
Default Rules 298
Default Building Blocks 310
D ISP TEMPLATE DEFAULTS
Default Sentries 325
Default Custom Views 328
IP Tracking Group 328
Threats Group 329
Attacker Target Analysis Group 332
Target Analysis Group 333
Policy Violations Group 334
ASN Source Group 335
ASN Destination Group 335
IFIndexIn Group 335
IFIndexIn Group 335
QoS Group 335
Flow Shape Group 336
Default Rules 337
Default Building Blocks 346
INDEX
STRM Administration Guide
ABOUT THIS GUIDE
The STRM Administration Guide provides you with information for managing
STRM functionality requiring administrative access.
Audience This guide is intended for the system administrator responsible for setting up
STRM in your network. This guide assumes that you have STRM administrative
access and a knowledge of your corporate network and networking technologies.
Conventions Table 1 lists conventions that are used throughout this guide.
Technical
Documentation
You can access technical documentation, technical notes, and release notes
directly from the Juniper networks Support Web site at
http://
www.juniper.net/support/.
Documentation
Feedback
We encourage you to provide feedback, comments, and suggestions so that we
can improve the documentation. Send your comments to
techpubs-comments@juniper.net, or fill out the documentation feedback form at
http://www.juniper.net/techpubs/docbug/docbugreport.html. If you are using e-mail, be
sure to include the following information with your comments:
• Document name
• Document part number
Table 1 Icons
Icon Type Description
Information note Information that describes important features or
instructions.
Caution Information that alerts you to potential loss of
data or potential damage to an application,
system, device, or network.
Warning Information that alerts you to potential personal
injury.
STRM Administration Guide
2 ABOUT THIS GUIDE
• Page number
• Software release version
Requesting
Support
• Open a support case using the Case Management link at
http://www.juniper.net/support/ or call 1-888-314-JTAC (from the United States,
Canada, or Mexico) or 1-408-745-9500 (from elsewhere).
STRM Administration Guide
1
OVERVIEW
This chapter provides an overview of the STRM Administration Console and
STRM administrative functionality including:
• About the Interface
• Accessing the Administration Console
• Using the Interface
• Deploying Changes
• Viewing STRM Audit Logs
About the Interface You must have administrative privileges to access the Administration Console. The
STRM Administration Console provides access to following administrative
functionality:
• Manage users. See Chapter 2 Managing Users.
• Manage STRM. See Chapter 3 Setting Up STRM.
• Backup and recover your data. See Chapter 4 Managing Backup and
Recovery.
• Manage your deployment views. See Chapter 5 Using the Deployment Editor.
• Managing flow sources. See Chapter 6 Managing Flow Sources.
• Configure sentries. See Chapter 7 Managing Sentries.
• Configure views. See Chapter 8 Managing Views.
• Configure syslog forwarding. See Chapter 11 Forwarding Syslog Data.
All configuration updates using the Administration Console are saved to a staging
area. Once all changes are complete, you can deploy the configuration changes or
all configuration settings to the remainder of your deployment.
STRM Administration Guide
4 OVERVIEW
Accessing the
Administration
Console
You can access the STRM Administration Console through the main STRM
interface. To access the Administration Console, click Config in the main STRM
interface. The Administration Console appears.
Using the Interface The Administration Console provides several tab and menu options that allow you
to configure STRM including:
• System Configuration - Provides access to administrative functionality, such
as, user management, automatic updates, license key, network hierarchy,
sentries, STRM settings, system notifications, backup and recovery and
Console configuration.
• Views Configuration - Provides access to STRM views.
• SIM Configuration - Provides access to scanners, sensor device
management, syslog forwarding, and reset the SIM model.
• Flow Configuration - Provides access to flow source configuration, such as
NetFlow.
The Administration Console also includes several menu options including:
Table 1-1 Administrative Console Menu Options
Menu Option Sub-Menu Description
File Close Closes the Administration Console.
Configurations Deployment Editor Opens the deployment editor
interface.
Deploy configuration
changes
Deploys any configuration changes
from the current session to your
deployment.
Deploy All Deploys all configuration settings to
your deployment.
System STRM Start Starts the STRM application.
STRM Stop Stops the STRM application.
STRM Administration Guide
Deploying Changes 5
The Administration Console provides several toolbar options including:
Deploying Changes Once you update your configuration settings using the Administration Console,
you must save those changes to the staging area. You must either manually
deploy all changes using the Deploy menu option or, upon exit, a window appears
prompting you to deploy changes before you exit. All deployed changes are then
enforced throughout your deployment.
Using the Administration Console menu, you can deploy changes as follows:
• Deploy All - Deploys all configuration settings to your deployment.
• Deploy configuration changes - Deploys any configuration changes from the
current session to your deployment.
Viewing STRM
Audit Logs
Changes made by STRM users are recorded in the audit logs. You can view the
audit logs to monitor changes to STRM and the users performing those changes.
All audit logs are stored in plain text and are archived and compressed once the
audit log file reaches a size of 200 MB. The current log file is named
audit.log.
Once the file reaches a size of 200 MB, the file is compressed and renamed as
follows:
audit.1.gz, audit.2.gz, etc with the file number incrementing each
time a log file is archived. STRM stores up to 50 archived log files.
This section provides information on using the audit logs including:
• Logged Actions
• Viewing the Log File
Logged Actions STRM logs the following categories of actions in the audit log file:
STRM Restart Restarts the STRM application.
Help Help and Support Opens user documentation.
About STRM
Administration Console
Displays version information.
Table 1-2 Administration Console Toolbar Options
Icon Description
Opens the deployment editor interface.
Deploys all changes made through the Administration Console.
Table 1-1 Administrative Console Menu Options (continued)
Menu Option Sub-Menu Description
STRM Administration Guide
6 OVERVIEW
Table 1-3 Logged Actions
Category Action
User Authentication Log in to STRM
User Authentication Log out of STRM
Administrator Authentication Log in to the STRM Administration Console
Administrator Authentication Log out of the STRM Administration Console
Root Login Log in to STRM, as root
Log out of STRM, as root
Rules Adding a rule
Deleting a rule
Editing a rule
Sentry Adding a sentry
Editing a sentry
Deleting a sentry
Editing a sentry package
Editing sentry logic
User Accounts Adding an account
Editing an account
Deleting an account
User Roles Adding a role
Editing a role
Deleting a role
Sensor Devices Adding a sensor device
Editing a sensor device
Deleting a sensor device
Adding a sensor device group
Editing a sensor device group
Deleting a sensor device group
Sensor Device Extension Adding an sensor device extension
Editing the sensor device extension
Deleting a sensor device extension
Uploading a sensor device extension
Uploading a sensor device extension
successfully
Downloading a sensor device extension
Reporting a sensor device extension
Modifying a sensor devices association to a
device or device type.
STRM Administration Guide
Viewing STRM Audit Logs 7
Protocol Configuration Adding a protocol configuration
Deleting a protocol configuration
Editing a protocol configuration
Flow Sources Adding a flow source
Editing a flow source
Deleting a flow source
Offense Manager Hiding an offense
Closing an offense
Closing all offenses
TNC Recommendations Creating a recommendation
Editing a recommendation
Deleting a recommendation
Syslog Forwarding Adding a syslog forwarding
Deleting a syslog forwarding
Editing a syslog forwarding
Reports Adding a template
Deleting a template
Editing a template
Executing a template
Deleting a report
Groups Adding a group
Deleting a group
Editing a group
Backup and Recovery Editing the configuration
Initiating the backup
Completing the backup
Failing the backup
Deleting the backup
Synchronizing the backup
Cancelling the backup
Initiating the restore
Uploading a backup
Uploading an invalid backup
Deleting the backup
Table 1-3 Logged Actions
Category Action
STRM Administration Guide
8 OVERVIEW
Viewing the Log File To view the audit logs:
Step 1 Log in to STRM as root.
Step 2 Go to the following directory:
/var/log/audit
Step 3 Open the desired audit log file.
Each entry in the log file displays using the following format:
Note: The maximum size of any audit message (not including date, time, and host
name) is 1024 characters.
<date_time> <host name> <user>@<IP address> (thread ID)
[<category>] [<sub-category>] [<action>] <payload>
Where:
<date_time> is the date and time of the activity in the format: Month Date
HH:MM:SS.
<host name> is the host name of the Console where this activity was logged.
<user> is the name of the user that performed the action.
<IP address> is the IP address of the user that performed the action.
(thread ID) is the identifier of the Java thread that logged this activity.
<category> is the high-level category of this activity.
<sub-category> is the low-level category of this activity.
<action> is the activity that occurred.
<payload> is the complete record that has changed, if any. This may include a
user record or an event rule.
For example:
Nov 6 12:22:31 localhost.localdomain [email protected]
(Session) [Authentication] [User] [Login]
Scanner Adding a scanner
Deleting a scanner
Editing a scanner
Scanner Schedule Adding a schedule
Editing a schedule
Deleting a schedule
Asset Deleting all assets
License Adding a license key.
Editing a license key.
Table 1-3 Logged Actions
Category Action
STRM Administration Guide
Viewing STRM Audit Logs 9
Nov 6 12:22:31 localhost.localdomain [email protected] (0)
[Configuration] [User Account] [Account Modified]
username=james, password=/oJDuXP7YXUYQ, networks=ALL,
[email protected], userrole=Admin
Nov 13 10:14:44 localhost.localdomain [email protected] (0)
[Configuration] [FlowSource] [FlowSourceModified] Flowsource(
name="tim", enabled="true", deployed="false",
asymmetrical="false", targetQflow=DeployedComponent(id=3),
flowsourceType=FlowsourceType(id=6),
flowsourceConfig=FlowsourceConfig(id=1))
STRM Administration Guide
2
MANAGING USERS
This chapter provides information on managing STRM users including:
• Managing Roles
• Managing User Accounts
• Authenticating Users
You can add or remove user accounts for all users that you wish to access STRM.
Each user is associated with a role, which determines the privileges the user has
to functionality and information within STRM. You can also restrict or allow access
to areas of the network.
Managing Roles You must create a role before you can create user accounts. By default, STRM
provides a default administrative role, which provides access to all areas of STRM.
A user that has been assigned administrative privileges (including the default
administrative role) cannot edit their own account. Another administrative user
must make any desired changes.
Using the Administration Console, you can:
• Create a role. See Creating a Role.
• Edit a role. See Editing a Role
Creating a Role To create a role:
Step 1 In the Administration Console, click the System Configuration tab.
The System Configuration panel appears.
Step 2 Click the User Roles icon.
The Manage User Roles window appears.
Step 3 Click Create Role.
STRM Administration Guide
12 MANAGING USERS
Step 4 Enter values for the parameters. You must select at least one permission to
proceed.
Table 2-1 Create Roles Parameters
Parameter Description
Role Name Specify the name of the role. The name can be up to 15
characters in length and must only contain integers and
letters.
Administrator Select the check box if you wish to grant this user
administrative access to the STRM interface. Within the
administrator role, you can grant additional access to the
following:
• System Administrator - Select this check box if you wish
to allow users access to all areas of STRM except Views.
Also users with this access are not able to edit other
administrator accounts.
• Administrator Manager - Select this check box if you
wish to allow users the ability to create and edit other
administrative user accounts. If you select this check box,
the System Administrator check box is automatically
selected.
• Views Administrator - Select this check box if you wish
to allow users the ability to create, edit, or delete Views.
For example, the Application View and the Ports View.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196
  • Page 197 197
  • Page 198 198
  • Page 199 199
  • Page 200 200
  • Page 201 201
  • Page 202 202
  • Page 203 203
  • Page 204 204
  • Page 205 205
  • Page 206 206
  • Page 207 207
  • Page 208 208
  • Page 209 209
  • Page 210 210
  • Page 211 211
  • Page 212 212
  • Page 213 213
  • Page 214 214
  • Page 215 215
  • Page 216 216
  • Page 217 217
  • Page 218 218
  • Page 219 219
  • Page 220 220
  • Page 221 221
  • Page 222 222
  • Page 223 223
  • Page 224 224
  • Page 225 225
  • Page 226 226
  • Page 227 227
  • Page 228 228
  • Page 229 229
  • Page 230 230
  • Page 231 231
  • Page 232 232
  • Page 233 233
  • Page 234 234
  • Page 235 235
  • Page 236 236
  • Page 237 237
  • Page 238 238
  • Page 239 239
  • Page 240 240
  • Page 241 241
  • Page 242 242
  • Page 243 243
  • Page 244 244
  • Page 245 245
  • Page 246 246
  • Page 247 247
  • Page 248 248
  • Page 249 249
  • Page 250 250
  • Page 251 251
  • Page 252 252
  • Page 253 253
  • Page 254 254
  • Page 255 255
  • Page 256 256
  • Page 257 257
  • Page 258 258
  • Page 259 259
  • Page 260 260
  • Page 261 261
  • Page 262 262
  • Page 263 263
  • Page 264 264
  • Page 265 265
  • Page 266 266
  • Page 267 267
  • Page 268 268
  • Page 269 269
  • Page 270 270
  • Page 271 271
  • Page 272 272
  • Page 273 273
  • Page 274 274
  • Page 275 275
  • Page 276 276
  • Page 277 277
  • Page 278 278
  • Page 279 279
  • Page 280 280
  • Page 281 281
  • Page 282 282
  • Page 283 283
  • Page 284 284
  • Page 285 285
  • Page 286 286
  • Page 287 287
  • Page 288 288
  • Page 289 289
  • Page 290 290
  • Page 291 291
  • Page 292 292
  • Page 293 293
  • Page 294 294
  • Page 295 295
  • Page 296 296
  • Page 297 297
  • Page 298 298
  • Page 299 299
  • Page 300 300
  • Page 301 301
  • Page 302 302
  • Page 303 303
  • Page 304 304
  • Page 305 305
  • Page 306 306
  • Page 307 307
  • Page 308 308
  • Page 309 309
  • Page 310 310
  • Page 311 311
  • Page 312 312
  • Page 313 313
  • Page 314 314
  • Page 315 315
  • Page 316 316
  • Page 317 317
  • Page 318 318
  • Page 319 319
  • Page 320 320
  • Page 321 321
  • Page 322 322
  • Page 323 323
  • Page 324 324
  • Page 325 325
  • Page 326 326
  • Page 327 327
  • Page 328 328
  • Page 329 329
  • Page 330 330
  • Page 331 331
  • Page 332 332
  • Page 333 333
  • Page 334 334
  • Page 335 335
  • Page 336 336
  • Page 337 337
  • Page 338 338
  • Page 339 339
  • Page 340 340
  • Page 341 341
  • Page 342 342
  • Page 343 343
  • Page 344 344
  • Page 345 345
  • Page 346 346
  • Page 347 347
  • Page 348 348
  • Page 349 349
  • Page 350 350
  • Page 351 351
  • Page 352 352
  • Page 353 353
  • Page 354 354
  • Page 355 355
  • Page 356 356
  • Page 357 357
  • Page 358 358
  • Page 359 359
  • Page 360 360
  • Page 361 361
  • Page 362 362
  • Page 363 363
  • Page 364 364
  • Page 365 365
  • Page 366 366
  • Page 367 367
  • Page 368 368
  • Page 369 369
  • Page 370 370

Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Administration Manual

Category
Software
Type
Administration Manual

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI