IDP Rulebase Example: Using Recommended Actions
This example demonstrates the usefulness of Juniper Networks Security Center
(J-Security Center) recommended actions.
When you specify a rule action, you have the option to specify:
■
No action
■
A specific action
■
The value Recommended
Recommended actions are coded in the predefined attack object by the J-Security
Center team. The J-Security Center team codes a recommended action in all
predefined attack objects, not just the recommended attack objects. When you use
the recommended action, you leverage the experience and expertise of the J-Security
Center team.
Figure 1 shows an IDP rulebase rule with action set to Recommended.
Figure 1: Recommended Action
When you update the NSM attack database, any changes to recommended actions
are also automatically updated.
When you get started with IDP, you should use the recommended actions and enable
notification for rule matches. If you find these settings meet your needs, you can
turn off logging (at your discretion). If you find you prefer a different action, you can
specify a different action.
IDP Rulebase Example: Using Recommended Actions
■
1
Related Topics
The following related topics are included in the IDP Concepts and Examples Guide.
■
Understanding IDP Rulebase Actions
■
Understanding the IDP Rulebase
Published: 2010-01-12
2
■
IDP Rulebase Example: Using Recommended Actions