pointing IPS/IDS sensors to a 3rd party

Brent Rockburn · ‎08-14-2008

Hey guys, this is probably a simple question but for some reason I can't find a simple answer.

I'm testing out a Juniper STRM 2500 box and need to point my 4 IDS/IPS sensors to it so it can collect the data and so on. Is there a command to forward events onto the 3rd party device or do I simply set the logging (syslog type) to send to the juniper box.

Thanks in advance.

rhermes · ‎08-14-2008

Unless the Juniper STRM can act as an SDEE client (some SIMs can), you'll have to enable the SNMP action on each signature you wish to have report and point your SNMP traps at the Juniper STRM IP address.

Brent Rockburn · ‎08-18-2008

The STRM Juniper box does do SDEE but how do you configure SDEE on the 4215 sensor? It does give the option for a 3rd party interface but it seems more like it wants to receive information and not send it. Any tips would help.

rhermes · ‎08-18-2008

The sensor is an SDEE server, configure the sensor to allow the STRM's IP address and give the sensor login/password to your STRM box and let STRM connect to the sensor.

The STRM box will have to request the event data from the sensor.