
SRX Series Threat and Attack Logs Sent to Aruba ClearPass

The SRX Series integrated ClearPass authentication and enforcement feature works with Aruba ClearPass to protect a company’s resources against potential and actual attacks by sharing attack and threat event logs. These logs, generated by the SRX Series SCREENS, IDP, and UTM components, identify the specific types of attacks and threats directed at the company’s network.

The SRX Series device filters the log entries that report threat and attack events out of its overall log stream and forwards only those entries to the ClearPass Policy Manager (CPPM), which uses them to assess and enforce the company’s security policy. The SRX Series device transmits the logs in volumes determined by the rate-limiting conditions that you set.

Table 5 identifies the types of threat and attack log entries and the events that they represent.

Table 5: Threat and Attack Log Entries Generated by SRX Series Components

Log Type / Description

RT_SCREEN_ICMP, RT_SCREEN_ICMP_LS
    ICMP attack

RT_SCREEN_IP, RT_SCREEN_IP_LS
    IP attack

RT_SCREEN_TCP, RT_SCREEN_TCP_LS
    TCP attack

RT_SCREEN_TCP_DST_IP, RT_SCREEN_TCP_DST_IP_LS
    TCP destination IP attack

RT_SCREEN_TCP_SRC_IP, RT_SCREEN_TCP_SRC_IP_LS
    TCP source IP attack

RT_SCREEN_UDP, RT_SCREEN_UDP_LS
    UDP attack

AV_VIRUS_DETECTED_MT, AV_VIRUS_DETECTED_MT_LS
    Virus infection: a virus was detected by the antivirus scanner.

ANTISPAM_SPAM_DETECTED_MT, ANTISPAM_SPAM_DETECTED_MT_LS
    Spam: the identified e-mail was detected to be spam.

IDP_APPDDOS_APP_ATTACK_EVENT, IDP_APPDDOS_APP_ATTACK_EVENT_LS
    Application-level distributed denial-of-service (AppDDoS) attack: the number of client transactions exceeded the user-configured connection, context, and time binding thresholds.

IDP_APPDDOS_APP_STATE_EVENT, IDP_APPDDOS_APP_STATE_EVENT_LS
    AppDDoS attack: an AppDDoS state transition occurred because the number of application transactions exceeded the user-configured connection or context thresholds.

IDP_ATTACK_LOG_EVENT, IDP_ATTACK_LOG_EVENT_LS
    Attack discovered by IDP: IDP generated a log entry for an attack.
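As an added illustration (not Juniper's code or configuration), the following Python models the two steps described above over constructed SRX-style syslog lines: it keeps only entries whose message tag appears in Table 5 and then applies a sliding-window rate limit standing in for the rate-limiting conditions you configure on the device. The line format, the sample entries, and the limit values are assumptions made for the example.

```python
import re
from collections import deque

# Message tags from Table 5 (base tags plus their _LS variants).
BASE_TAGS = (
    "RT_SCREEN_ICMP", "RT_SCREEN_IP", "RT_SCREEN_TCP",
    "RT_SCREEN_TCP_DST_IP", "RT_SCREEN_TCP_SRC_IP", "RT_SCREEN_UDP",
    "AV_VIRUS_DETECTED_MT", "ANTISPAM_SPAM_DETECTED_MT",
    "IDP_APPDDOS_APP_ATTACK_EVENT", "IDP_APPDDOS_APP_STATE_EVENT",
    "IDP_ATTACK_LOG_EVENT",
)
THREAT_TAGS = frozenset(BASE_TAGS) | frozenset(t + "_LS" for t in BASE_TAGS)

# Any upper-case token followed by a colon is a candidate message tag
# (assumed line shape: "<host> <process>: <TAG>: <text>").
TAG_RE = re.compile(r"\b([A-Z][A-Z0-9_]+):")


def threat_tag(line):
    """Return the Table 5 tag carried by a syslog line, or None."""
    for tag in TAG_RE.findall(line):
        if tag in THREAT_TAGS:
            return tag
    return None


def select_for_clearpass(events, max_per_window, window_seconds):
    """Keep only threat/attack entries, then allow at most max_per_window
    of them in any sliding window of window_seconds. events is a list of
    (epoch_seconds, syslog_line); returns the lines to forward to CPPM."""
    forwarded, sent_times = [], deque()
    for ts, line in events:
        if threat_tag(line) is None:
            continue                       # not a threat/attack log
        while sent_times and ts - sent_times[0] >= window_seconds:
            sent_times.popleft()           # forget sends outside the window
        if len(sent_times) >= max_per_window:
            continue                       # rate limit reached, drop it
        sent_times.append(ts)
        forwarded.append(line)
    return forwarded


# Constructed sample entries (not captured from a real device).
SAMPLE_EVENTS = [
    (100, "srx RT_IDS: RT_SCREEN_TCP: SYN flood! source: 198.51.100.7:40000"),
    (100, "srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created"),
    (101, "srx RT_IDS: RT_SCREEN_UDP_LS: UDP flood! source: 198.51.100.9:53"),
    (102, "srx IDP: IDP_ATTACK_LOG_EVENT: attack detected, action dropped"),
    (103, "srx UTM: AV_VIRUS_DETECTED_MT: virus detected in sample.bin"),
    (110, "srx UTM: ANTISPAM_SPAM_DETECTED_MT: spam from sender@example.net"),
]
```

With a limit of 3 entries per 10 seconds, `select_for_clearpass(SAMPLE_EVENTS, 3, 10)` drops the session-create line as non-threat and the antivirus line as over the limit, forwarding the remaining four.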


Modified: 2016-05-01