From Juniper SRX SG IDPS Security Technical Implementation Guide
Part of SRG-NET-000113-IDPS-00013
Associated with: CCI-000169
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.
To verify that the configuration is working properly, use the following command:

    [edit]
    show security alarms

View the configured alarms to verify at least one option for potential-violation is set to “idp”. If a potential-violation alarm is not defined for “idp”, this is a finding.
A Routing Engine configuration option allows the enabling and disabling of IDP alarms. By default, the IDP attack event triggers the current logs without raising any alarms. When the option is set and the system is configured appropriately, the IDP logs on the Packet Forwarding Engine will be forwarded to the Routing Engine, which then parses the IDP attack logs and raises IDP alarms as necessary.

To enable an IDP alarm, use the following command:

    set security alarms potential-violation idp

To turn on logging, you must first turn on notification to log attacks:

    set security idp idp-policy recommended rulebase-ips rule-1 then notification log-attacks

Configure Syslog (adding to the firewall stanza).

    syslog {
        file IDP_Log {
            any any;
            match RT_IDP;
        }
    }
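The check and fix above can be audited offline against a saved configuration. The following is an added example, not part of the STIG or any Juniper tooling: it assumes the configuration was exported with `show configuration | display set`, and the function names and sample text are constructed for illustration. It also treats statements under a deactivated hierarchy as absent, since an alarm that is configured but inactive does not satisfy the check.

```python
import re

# Constructed `show configuration | display set` output, not from a real device.
SAMPLE_COMPLIANT = """\
set system syslog file IDP_Log any any
set system syslog file IDP_Log match RT_IDP
set security alarms potential-violation idp
set security idp idp-policy recommended rulebase-ips rule rule-1 then notification log-attacks
"""
# Same configuration with the alarms hierarchy deactivated (constructed).
SAMPLE_DEACTIVATED = SAMPLE_COMPLIANT + "deactivate security alarms\n"

CHECKS = {
    "idp_alarm": re.compile(r"^security alarms potential-violation idp$"),
    "log_attacks": re.compile(
        r"^security idp idp-policy \S+ rulebase-ips .*then notification log-attacks$"),
    "syslog_match": re.compile(r'^system syslog file \S+ match "?[^"]*RT_IDP'),
}


def active_statements(display_set_text):
    """Return configuration paths that are set and not under a deactivated node."""
    sets, inactive = [], []
    for raw in display_set_text.splitlines():
        verb, _, path = raw.strip().partition(" ")
        if verb == "set":
            sets.append(path)
        elif verb == "deactivate":
            inactive.append(path)
    return [p for p in sets
            if not any(p == d or p.startswith(d + " ") for d in inactive)]


def audit(display_set_text):
    """Evaluate the three settings; only a missing IDP alarm is the finding."""
    active = active_statements(display_set_text)
    result = {name: any(rx.search(p) for p in active)
              for name, rx in CHECKS.items()}
    result["finding"] = not result["idp_alarm"]
    return result


if __name__ == "__main__":
    for label, text in (("compliant", SAMPLE_COMPLIANT),
                        ("deactivated", SAMPLE_DEACTIVATED)):
        print(label, audit(text))
```

The `log_attacks` and `syslog_match` results are supporting evidence for the fix text; the finding itself depends only on the potential-violation alarm for “idp”.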