Alerting for Juniper SA



  • Hello,

    We have had a Juniper SA2000 for more than a year now and all works fine, but does it really?

    How can we notice whether access is attacked or an attacker tries to find vulnerabilities?

    Syslogging is perhaps a good way, but are those entries enough to observe this, and which tool do you use for alerting in combination with syslog?

    A lot of questions but I hope someone can help me to find answers for one or all of those.

    Thanks.

    Pascal



  • Don’t know what your topology looks like, but you could stick a sensor in front of it. However, you’ll probably find it gets swept fairly often, as anything with an external IP does, so this may not tell you much. If you have a firewall behind it, you can keep an eye on its communication back into your network and see if anything looks out of place.
    -Javier


 
