CSTRM – Configuring Security Threat Response Manager

Duration:   3 Days
Price:   $2395.00
Test Level:    1
Certifications:   No Certification
Exams:   No Exam

Course Overview
This three-day course discusses the configuration of Juniper Networks Security Threat Response Manager (STRM) in a typical network environment. Key topics include deploying an STRM device in the network, configuring flows, running reports, and troubleshooting.

Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the STRM device. This course uses the STRMV virtual appliance for the hands-on component based on STRM software release 2012.1R1.

Course Objectives

  • Describe the hardware used with the STRM system
  • Identify the technology behind the STRM system
  • Identify the STRM system: display versus detection, and events versus traffic
  • Plan and prepare for a new installation
  • Access the administration console
  • Configure the network hierarchy
  • Configure the automatic update process
  • Access the Deployment Editor
  • Describe the STRM system’s internal processes
  • Describe event and flow source configuration
  • Describe the STRM system’s processing logic
  • Access the Log Activity interface
  • Execute Event searches
  • Configure the Network Activity interface
  • View Asset Profile data
  • Server Discovery
  • Access the Vulnerability Assessment Scan Manager to produce vulnerability assessments (VAs)
  • Configure rules
  • Configure Building Blocks
  • Access the Offense Manager interface
  • Configure Offense actions
  • Use the STRM system’s Reporting functionality to produce graphs and reports
  • Navigate the Reporting interface
  • View Report formats
  • Maintain and troubleshoot the STRM system
  • Navigate the STRM dashboard
  • List the flow and event troubleshooting process
  • Configure Event Collection for Junos devices
  • Configure Flow Collection for Junos devices
  • Explain High Availability (HA) functionality on an STRM device

Course Outline
Day 1

Chapter 2: Product Overview

  • Overview of the STRM Series Device
  • Hardware
  • Collection
  • Operational Flow

Chapter 3: Initial Configuration

  • A New Installation
  • Administration Console
  • Platform Configuration
  • Deployment Editor

Chapter 4: Architecture

  • Processing Log Activity
  • Processing Network Activity
  • STRM Deployment Options

Chapter 5: Log Activity

  • Log Activity Overview
  • Configuring Log Activity

Day 2

Chapter 6: Network Activity

  • Network Activity Overview
  • Configuring Network Activity

Chapter 7: Assets and Vulnerability Assessment

  • Asset Interface
  • Vulnerability Assessment
  • Vulnerability Scanners

Chapter 8: Rules

  • Rules
  • Configure Rules and Building Blocks

Chapter 9: Offense Manager

  • Offense Manager
  • Offense Manager Configuration
  • Offense Investigation

Day 3

Chapter 10: Reporting

  • Reporting Functionality
  • Reporting Interface

Chapter 11: Basic Tuning and Troubleshooting

  • Basic Tuning
  • Troubleshooting

Chapter 12: Configuring Junos Devices for Use with STRM

  • Collecting Junos Events
  • Collecting Junos Flows

Appendix A: High Availability

Prerequisites
This course assumes that students have basic networking knowledge and experience in the following areas:

  1. Understanding of TCP/IP operation
  2. Understanding of network security concepts
  3. Experience in network security administration

All courses are available as open-enrollment Classroom events, instructor-led Live Virtual Classes, REAL-ILT™ or as custom Onsite Training for up to 16 students.