TechLibrary

Navigation Back up to About Overview

ContentIndex

[+] Expand All

[-] Collapse All

Junos OS Release 12.3X48 Feature Guide
- New Features in Junos OS Release 12.3X48-D30
  - Integrated ClearPass Authentication and Enforcement
    - Understanding SRX Series Integrated ClearPass Authentication and Its Component Functions
      - Understanding the SRX Series Integrated ClearPass Authentication and Enforcement Feature
        Why You Need to Protect Your Environment With the SRX Series Integrated ClearPass Authentication and Enforcement Feature
        How the SRX Series Integrated ClearPass Authentication and Enforcement Feature Can Protect Your Network Environment
      - SRX Series Supported Platforms for the Integrated ClearPass Authentication and Enforcement Feature
      - Understanding How ClearPass Initiates a Session and Communicates User Authentication Information to the SRX Series Device Using the Web API
        Web API
        ClearPass Authentication Table
        Using HTTPS or HTTP for the Connection Protocol Between ClearPass and the SRX Series Device
        Ensuring the Integrity of Data Sent from ClearPass to the SRX Series Device
        Data Size Restrictions and Other Constraints
        Posture States and the Posture Group
      - Understanding Enforcement of ClearPass User and Group Authentication on the SRX Series Devices
        Understanding How the SRX Series Device Manages the ClearPass Authentication Table
        User Authentication Entries in the ClearPass Authentication Table
        Communication Between ClearPass and the SRX Series Device
        Understanding Domains and Interested Groups
        When a User Has Already Been Authenticated By Another Source
      - Understanding the Integrated ClearPass Authentication and Enforcement User Query Function
      - Understanding How the Integrated ClearPass Feature Detects Threats and Attacks and Notifies the CPPM
      - SRX Series Threat and Attack Logs Sent to Aruba ClearPass
    - Integrated ClearPass Authentication and Enforcement Examples
    - Integrated ClearPass Authentication and Enforcement CLI Configuration Statements
    - Integrated ClearPass Authentication and Enforcement CLI Operational Commands
- New Features in Junos OS Release 12.3X48-D20
- New Features in Junos OS Release 12.3X48-D15
- Requesting Technical Support
- Revision History

No index entries found.

Download This Guide

Download this guide: Junos OS Release 12.3X48 Feature Guide

SRX Series Threat and Attack Logs Sent to Aruba ClearPass

The SRX Series integrated ClearPass authentication and enforcement feature collaborates with Aruba ClearPass in protecting a company’s resources against potential and actual attacks through use of attack and threat event logs. These logs that are generated by the SRX Series SCREENS, IDP, and UTM components clearly identify the types of attacks and threats that threaten a company’s network security.

The SRX Series device filters from the overall log entries the logs that report on threat and attack events, and it forwards these log entries to the ClearPass Policy Manager (CPPM) to be used in assessing and enforcing the company’s security policy. The SRX Series device transmits the logs in volumes determined by the rate-limiting conditions that you set.

Table 5 identifies the types of threat and attack log entries and the events that they represent.

Table 5: Threat and Attack Log Entries Generated by SRX Series Components

Log Type	Description
RT_SCREEN_ICMP	ICMP attack
RT_SCREEN_ICMP_LS	ICMP attack
RT_SCREEN_IP	IP attack
RT_SCREEN_IP_LS	IP attack
RT_SCREEN_TCP	TCP attack
RT_SCREEN_TCP_LS	TCP attack
RT_SCREEN_TCP_DST_IP	TCP destination IP attack
RT_SCREEN_TCP_DST_IP_LS	TCP destination IP attack
RT_SCREEN_TCP_SRC_IP	TCP source IP attack
RT_SCREEN_TCP_SRC_IP_LS	TCP source IP attack
RT_SCREEN_UDP	UDP attack
RT_SCREEN_UDP_LS	UDP attack
AV_VIRUS_DETECTED_MT	Virus infection A virus was detected by the antivirus scanner.
AV_VIRUS_DETECTED_MT_LS
ANTISPAM_SPAM_DETECTED_MT	spam The identified e-mail was detected to be spam.
ANTISPAM_SPAM_DETECTED_MT_LS	spam The identified e-mail was detected to be spam.
IDP_APPDDOS_APP_ATTACK_EVENT	Application-level distributed denial of Service (AppDDoS) attack The AppDDoS attack occurred when the number of client transactions exceeded the user-configured connection, context, and time binding thresholds.
IDP_APPDDOS_APP_ATTACK_EVENT_LS
IDP_APPDDOS_APP_STATE_EVENT	AppDDoS attack The AppDDoS state transition occurred when the number of application transactions exceeded the user-configured connection or context thresholds.
IDP_APPDDOS_APP_STATE_EVENT_LS
IDP_ATTACK_LOG_EVENT	Attack discovered by IDP IDP generated a log entry for an attack.
IDP_ATTACK_LOG_EVENT_LS

TechLibrary

Download This Guide

Related Documentation

SRX Series Threat and Attack Logs Sent to Aruba ClearPass

Related Documentation

Modified: 2016-05-01