How to use Juniper Security Threat Response Manager effectively.

By william.j.bolt
I've recently taken on the role as a Security Analyst and one of the tools that I am going to be using regularly is what I've stated in the question title.

What I'm currently looking to do is to build a query under the event section and apply the appropriate filters so I can see all the successful log-ins and log-offs that have occurred on each server. I also need to have failed attempts along with this. I've figured out that you can go under events, display log source and run a query on the past 24 hours. This gives me a nice graph and whatnot to see what's going on with our servers specifically. It also shows me a ton of events outside of what I want.

I can manually go through everything and filter the unwanted event names one by one, but it can take forever when a server has roughly... a 1,300,000 event count.

Can anyone make any recommendations? Once I get all I need I can just save the criteria and run the same set of filters as a report in the future. Thanks!

This conversation is currently closed to new comments.