pointing IPS/IDS sensors to a 3rd party

Unanswered Question
Aug 14th, 2008
User Badges:

Hey guys, this is probably a simple question but for some reason I can't find a simple answer.


I'm testing out a Juniper STRM 2500 box and need to point my 4 IDS/IPS sensors to it so it can collect the data and so on. Is there a command to forward events onto the 3rd party device or do I simply set the logging (syslog type) to send to the juniper box.


Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
rhermes Thu, 08/14/2008 - 10:39
User Badges:
  • Gold, 750 points or more

Unless the Juniper STRM can act as an SDEE client (some SIMs can), you'll have to enable the SNMP action on each signature you wish to have report and point your SNMP traps at the Juniper STRM IP address.

Brent Rockburn Mon, 08/18/2008 - 06:03
User Badges:

The STRM Juniper box does do SDEE but how do you configure SDEE on the 4215 sensor? It does give the option for a 3rd party interface but it seems more like it wants to receive information and not send it. Any tips would help.

rhermes Mon, 08/18/2008 - 08:04
User Badges:
  • Gold, 750 points or more

The sensor is an SDEE server, configure the sensor to allow the STRM's IP address and give the sensor login/password to your STRM box and let STRM connect to the sensor.

The STRM box will have to request the event data from the sensor.

Actions

This Discussion