Juniper Networks :: Technical Documentation :: Configuring Attack Types in the Database

Download PDFs
Configuring Attack Types in the Database

Related Topics
Overview of the Threat Mitigation Application
Configuring a Database to Store Attack and Response Data
ATTACK_TYPE Attributes Used by the Threat Mitigation Application
ATTACK_TYPE_CANDIDATE_ACTION Attributes Used by the Threat Mitigation Application

Configuring Attack Types in the Database

The ATTACK_TYPE table contains data about all the attacks that NetScreen-Security Manager is expected to send to the Threat Mitigation Application. Attacks are considered to be the same attack type if their category, subcategory, and definingAttributes values are the same.

Note: The ATTACK_TYPE table must contain a special attack type with category and subcategory values of DEFAULT to respond to attacks that do not match a configured attack type.

The entry in the /opt/UMC/conf/thma/etc/<database>/data.sql file contains the attributes in the format:



INSERT INTO ATTACK_TYPE 
VALUES ('<category>', '<subcategory>', '<definingAttributes>',
'<description>');

For example:



INSERT INTO ATTACK_TYPE 
VALUES ('DEFAULT', 'DEFAULT', 'srcAddr', 'There is no specific
information for this type of attack.');