Monitoring Attacks

Purpose

Use the monitoring functionality to view the Attacks page.

Action

To monitor attacks, select Monitor>Security>IDP>Attacks in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

Or

Select Monitor>Security>IPS>Attacks in the J-Web user interface.

Meaning

Table 50 summarizes the key output fields on the Attacks page.

Table 50: Attacks Monitoring Page

| Field | Description | Additional Information |
|---|---|---|
| Enable Log | An option to enable event logs. | Click Enable Log to enable logs. |
| Clear Log | An option to clear all the logs that were created during the session. | Click Clear Log. |
| Refresh interval (sec) | Displays the time interval, in seconds, set for page refresh. The default interval is 30 seconds. | Select the time interval from the list. |
| Refresh | Displays the option to refresh the page. If the Manual option is set, click the Refresh button to refresh the page manually. | Click Refresh to refresh the page. |
| Clear | Provides an option to clear the data of the status type. | Click Clear to clear the details. |
| Attack Table | | |
| Filter By Attack Name | Specifies the string to search. | Enter the string and then click Go to execute the search. |
| Clear | Provides an option to disable the search and show all results. | Click Clear to show all results. |
| Active IDP policy | Displays the active IDP policy that is used in the session. | |
| Attack Name | Displays the kind of attacks in the attack table. Double-click Attack Name to display Attack Details. The available options are: Display Name: displays the name of the attack; Severity: displays the severity of the attack; Category: displays the category in which the attacks are placed; Recommended: displays True or False to indicate whether it is recommended or not; Recommended Option: displays a recommended action when the security device detects an attack; Type: displays the type of attack; Direction: displays the connection direction of the attack; False positives: specifies the name of the false positives filter; Services: displays the service name. | Double-click Attack Name. |
| Severity | Displays the severity of the attack. The severity levels are: critical, info, minor, major and warning. | |
| Hits | Displays the count of hits. Double-click the hits count to display Attack Records. The available options are: Filter Log: to filter the attack records; Go: to execute the search; Clear: to clear the attack records. | Double-click the hits count, and then select an option. |
| Top N Attack Hits | Displays statistics about hits and shows the top 10 hits. | |
| Description | Displays information about the attack. | |
