STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Jul 2017:

The Juniper Networks SRX Series Gateway IDPS must provide audit record generation with a configurable severity and escalation level capability.

DISA Rule

SV-80877r1_rule

Vulnerability Number

V-66387

Group Title

SRG-NET-000113-IDPS-00189

Rule Version

JUSX-IP-000004

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Example configuration to set the severity level on the IDP rules:

Define an attack as match criteria.
[edit security idp idp-policy base-policy rulebase-ips rule R1]
set match attacks predefined-attack-groups "TELNET-Critical"

Specify an action for the rule.
[edit security idp idp-policy base-policy rulebase-ips rule R1]
set then action drop-connection

Specify notification and logging options for the rule.
[edit security idp idp-policy base-policy rulebase-ips rule R1]
set then notification log-attacks alert

Set the severity level for the rule.
[edit security idp idp-policy base-policy rulebase-ips rule R1]
set then severity critical

Check Contents

Use the following command to view the IDP rules:

[edit]
show security idp status

The IDP traffic log can also be inspected to verify that IDP detection events contain a severity level in the log record.

If active IDP rules exist that do not include a severity level, this is a finding.
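The following script is an added example, not part of the STIG or of any DISA, Juniper or STIGQter tooling. It automates the check above and mirrors the fix recommendation: it parses IDP rulebase-ips rules from a Junos configuration in "set" format (the shape produced by "show configuration security idp | display set", which is assumed here), skips rules that have been deactivated, and reports every active rule that has no "then severity" statement, which is the finding condition. It also reports, separately, rules that lack the "then notification log-attacks" statement from the fix text, since without it the IDP traffic log will carry no record to inspect. The configuration lines embedded below are constructed sample input.

```python
"""
Check Junos IDP rulebase-ips rules for a configured severity (JUSX-IP-000004).

Added example; assumes the input is the output of
  show configuration security idp | display set
The SAMPLE_CONFIG text is constructed for this example.
"""
import re
from collections import defaultdict

# Constructed sample: three rules in one policy, R3 deactivated.
SAMPLE_CONFIG = """\
set security idp idp-policy base-policy rulebase-ips rule R1 match attacks predefined-attack-groups "TELNET-Critical"
set security idp idp-policy base-policy rulebase-ips rule R1 then action drop-connection
set security idp idp-policy base-policy rulebase-ips rule R1 then notification log-attacks alert
set security idp idp-policy base-policy rulebase-ips rule R1 then severity critical
set security idp idp-policy base-policy rulebase-ips rule R2 match attacks predefined-attack-groups "HTTP-Critical"
set security idp idp-policy base-policy rulebase-ips rule R2 then action drop-connection
set security idp idp-policy base-policy rulebase-ips rule R2 then notification log-attacks
set security idp idp-policy base-policy rulebase-ips rule R3 match attacks predefined-attack-groups "FTP-Major"
set security idp idp-policy base-policy rulebase-ips rule R3 then action close-client-and-server
deactivate security idp idp-policy base-policy rulebase-ips rule R3
set security idp active-policy base-policy
"""

# One rulebase-ips rule statement: "set"/"deactivate" + policy + rule + optional remainder.
RULE_RE = re.compile(
    r"^(?P<verb>set|deactivate) security idp idp-policy (?P<policy>\S+) "
    r"rulebase-ips rule (?P<rule>\S+)(?: (?P<rest>.*))?$"
)

# Severity keywords accepted by "then severity" on Junos IDP rules.
VALID_SEVERITIES = {"critical", "major", "minor", "warning", "info"}


def parse_idp_rules(config_text):
    """Return {(policy, rule): {"severity", "notification", "active"}} from set-format text."""
    rules = defaultdict(lambda: {"severity": None, "notification": False, "active": True})
    for line in config_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # not a rulebase-ips rule statement (e.g. active-policy)
        entry = rules[(m.group("policy"), m.group("rule"))]
        rest = m.group("rest") or ""
        if m.group("verb") == "deactivate" and not rest:
            entry["active"] = False  # whole rule deactivated: not an active rule
            continue
        tokens = rest.split()
        if tokens[:2] == ["then", "severity"] and len(tokens) == 3:
            entry["severity"] = tokens[2]
        elif tokens[:3] == ["then", "notification", "log-attacks"]:
            entry["notification"] = True
    return dict(rules)


def find_findings(config_text):
    """Active rules with no (or an unrecognised) severity: the STIG finding condition."""
    findings = []
    for (policy, rule), entry in parse_idp_rules(config_text).items():
        if not entry["active"]:
            continue
        if entry["severity"] is None:
            findings.append((policy, rule, "no 'then severity' configured"))
        elif entry["severity"] not in VALID_SEVERITIES:
            findings.append((policy, rule, f"unrecognised severity {entry['severity']!r}"))
    return sorted(findings)


def rules_without_logging(config_text):
    """Active rules that omit 'then notification log-attacks' (no log record to audit)."""
    return sorted(
        (policy, rule)
        for (policy, rule), entry in parse_idp_rules(config_text).items()
        if entry["active"] and not entry["notification"]
    )


if __name__ == "__main__":
    for policy, rule, reason in find_findings(SAMPLE_CONFIG):
        print(f"FINDING: policy {policy} rule {rule}: {reason}")
    for policy, rule in rules_without_logging(SAMPLE_CONFIG):
        print(f"WARNING: policy {policy} rule {rule}: attacks are not logged")
```

On the sample input only R2 is a finding: R1 carries "then severity critical" and R3 is deactivated, so it is not an active rule. To run it against a real device, capture the "display set" output to a file and pass its contents to find_findings instead of SAMPLE_CONFIG.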

Vulnerability Number

V-66387

Documentable

False

Rule Version

JUSX-IP-000004

Severity Override Guidance

Use the following command to view the IDP rules:

[edit]
show security idp status

The IDP traffic log can also be inspected to verify that IDP detection events contain a severity level in the log record.

If active IDP rules exist that do not include a severity level, this is a finding.

Check Content Reference

M

Target Key

3037

Comments