Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

Juniper DDoS Secure

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
 Syslog DDoS Alerts Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "juniper-ddos" to see the event types associated with this device. 

  • Juniper-DDoS-Secure-WorstOffender
  • Juniper-DDoS-Secure-Blacklisted
  • Juniper-DDoS-Secure-Generic

Rules

There are no predefined rules for this device. 

Reports

There are no predefined reports for this device. 

Configuration

Configure the device to send syslog to FortiSIEM. Make sure that the event matches the format specified below.

<134>Juniper: End : 117.217.141.32 : IND: Worst Offender: Last Defended 66.145.37.254: TCP Attack - Port Scan (Peak 55/s, Occurred 554)
<134>Juniper: End : 78.143.172.52 : IRL: IP Address Temp Black-Listed (Valid IP) Exceeds SYN + RST + F2D Count (Peak 114/s, Dropped 83.5K pkts)

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Juniper DDos Secure
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration

Juniper DDoS Secure

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
 Syslog DDoS Alerts Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "juniper-ddos" to see the event types associated with this device. 

  • Juniper-DDoS-Secure-WorstOffender
  • Juniper-DDoS-Secure-Blacklisted
  • Juniper-DDoS-Secure-Generic

Rules

There are no predefined rules for this device. 

Reports

There are no predefined reports for this device. 

Configuration

Configure the device to send syslog to FortiSIEM. Make sure that the event matches the format specified below.

<134>Juniper: End : 117.217.141.32 : IND: Worst Offender: Last Defended 66.145.37.254: TCP Attack - Port Scan (Peak 55/s, Occurred 554)
<134>Juniper: End : 78.143.172.52 : IRL: IP Address Temp Black-Listed (Valid IP) Exceeds SYN + RST + F2D Count (Peak 114/s, Dropped 83.5K pkts)

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting Value
Name <set name>
Device Type Juniper DDos Secure
Access Protocol See Access Credentials
Port See Access Credentials
Password config See Password Configuration