STRM Installation Guide
Additional Hardware Requirements
7
from STRM and distributes to the appropriate area, depending on the type of
event. The Event Processor also includes information gathered by STRM to
indicate any behavioral changes or policy violations for the event. Rules are
applied to the events that allow the Event Processor to process according to the
configured rules. Once complete, the Event Processor sends the events to the
Magistrate.
•
Magistrate
- Provides the core processing components. You can add one
Magistrate component for each deployment. The Magistrate provides views,
reports, alerts, and analysis of network traffic and security events. The
Magistrate processes the event against the defined custom rules to create an
offense. If no custom rules exist, the Magistrate uses the default rules to
process the event. An offense is an event that has been processed through
STRM using multiple inputs, individual events, and events combined with
analyzed behavior and vulnerabilities. Magistrate prioritizes the offenses and
assigns a magnitude value based on several factors, including number of
events, severity, relevance, and credibility.
Additional
Hardware
Requirements
Before installing your STRM systems, make sure you have access to the additional
hardware components:
•
Monitor and keyboard or a serial console
•
To make sure that your STRM data is preserved during a power failure, we
highly recommend that all STRM appliances or systems running STRM
software storing data (such as, Consoles, Event Processors, or Flow
Processors) be equipped with a Uninterrupted Power Supply (UPS).
Additional Software
Requirements
Before installing STRM, make sure you have Java Runtime Environment installed
on your system. You can download Java version 1.5.0_12 at the following web
site: http://java.com/.
Browser Support
You must have a browser installed on your client system to access the STRM
interface. STRM supports the following web browsers:
-
Microsoft Internet Explorer 6.0/7.0
-
Firefox 2.0
Preparing Your
Network Hierarchy
STRM uses the network hierarchy to understand your network traffic and provide
you with the ability to view network activity for your entire deployment. STRM
supports any network hierarchy that can be defined by a range of IP addresses.
You can create your network based on many different variables, including
geographical or business units. For example, your network hierarchy may include
corporate IP address ranges (internal or external), physical departments or areas,
mails servers, and web servers.
