How to create an Application in STRM.

Article ID: KB14875 | KB Last Updated: 12 Aug 2009 | Version: 1.0
Summary:
How to create an application in STRM. 

The Applications feature enables STRM to classify applications used in a flow and is useful when investigating various types of security threats using the Offense Manager, Event Viewer, or the Flow Viewer.
Solution:

 Define the Application

(Note: This information can also be found in the STRM Administration Guide - Managing Application Views)
  1. Click Config after logging into the STRM box via the web.
  2. In the Administration Console, click the Views Configuration tab. The Views Configuration panel appears.
  3. Click the Application icon.
  4. Click Add. The Add New Object window appears.
  5. Enter values for the following parameters:
    Group - Select the group for this object. Using the drop-down list box, select a group or click Add Group to add a new group.

    Name - Specify the name for the object.

    Weight - Specify the object weight or use the arrows to change the existing numeric value. The range is 1 to 100.

    AppsIDs - Specify the application ID for the object or use the arrows to change the existing numeric value. Click Add.
    Note: The application ID must be defined in the mapping file before it is added to this object. For more information on the mapping file, see the STRM Default Application Configuration Guide.
    Description - Specify a description for this object.

    Color - Specify a color for this object. Enter the RGB alpha-numeric value or click Select Color to access the color palette.

    Database Length - Using the drop-down list box, select the database length.
  6. Click Save.
  7. Click Return.
  8. Close the Applications View window.
  9. From the Administration Console menu, select Configuration > Deploy Configuration Changes.

 Map traffic to the Application

(Note:  This information is also documented in the STRM Application Configuration Guide - Defining Application Mapping and Defining Application Signatures sections.)

Defining Application Mapping:
  1. Using Secure Shell (SSH), log into STRM.
  2. Open the following file: /store/configservices/staging/globalconfig/user_application_mapping.conf
    Note: To edit the name of the user_application_mapping.conf file, you can edit the User Application Mapping parameter in the Flow Processor configuration window. For more information, see the STRM Administration Guide. If the user_application_mapping.conf file does not exist in your system, create the file and place the empty file in the following directory:

    /store/configservices/staging/globalconfig/user_application_mapping.conf
  3. Update the file, as necessary.  When updating the file, note the following:
    This file is tab-delimited. Here is an example:

    15001 *:* *:8321 Example application

    The format of the entry must resemble the following:
    <New ID> <Old ID> <Source IP Address>:<Source Port> <Dest IP Address>:<Dest Port> <Name>

    See the STRM Application Configuration Guide for an explanation of these entries.
  4. Save and exit the file.
  5. Log into STRM.
  6. Click Config to access the Administration Console.
  7. If necessary, edit your Application View.
  8. From the menu, select Configurations > Deploy configuration changes. The Deploy configuration changes window appears.
  9. Click Close. You have successfully deployed your changes.
    Example of a mapping file:

    This is used if you are referencing an existing application on the STRM box.
    15000 1010 10.100.100/24,10.100.50.10:* 172.14.33.33:80,443 AllowedWebTypeA
    15000 1010 10.100.30/24:* 172.14.33.20:80 AllowedWebTypeA


    Here is how to set up a new mapping of an application with no old ID:
    15100 * *:33333 64.35.20/24,64.33/16,64.77.34.12:33333,33350-33400 GameX
    15100 1,34803,34809 *:33333 *:33333,33350-33400 GameX
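
A lint pass for user_application_mapping.conf that can be run before deploying, added here as an example and not taken from the KB or from Juniper's tooling. The syntax rules it enforces (wildcards, comma lists, abbreviated prefixes, port ranges) are inferred from the example lines above, and the sample input is constructed from those lines plus two deliberately malformed entries.

```python
import re

ADDR = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}(/\d{1,2})?$")  # 10.100.100/24, 64.33/16
PORT = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")            # 80 or 33350-33400

def ids_ok(s):
    # Old ID: "*" or a comma-separated list of numeric IDs (assumed from the examples)
    return s == "*" or all(p.isdigit() for p in s.split(","))

def addr_ok(s):
    def one(a):
        prefix, _, length = a.partition("/")
        return (bool(ADDR.match(a)) and int(length or 0) <= 32
                and all(int(o) <= 255 for o in prefix.split(".")))
    return s == "*" or all(one(a) for a in s.split(","))

def ports_ok(s):
    def one(p):
        m = PORT.match(p)
        return bool(m) and int(m.group(1)) <= int(m.group(2) or m.group(1)) <= 65535
    return s == "*" or all(one(p) for p in s.split(","))

def endpoint_ok(s):
    addr, sep, ports = s.rpartition(":")  # the last colon splits addresses from ports
    return sep == ":" and addr_ok(addr) and ports_ok(ports)

def lint_mapping(text):
    """Return [(line_number, problem), ...]; an empty list means no findings."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split("\t")
        if not line.strip():
            continue
        if len(f) != 5:
            problems.append((n, "expected 5 tab-separated fields, got %d" % len(f)))
            continue
        checks = [(f[0].isdigit(), "New ID"), (ids_ok(f[1]), "Old ID"),
                  (endpoint_ok(f[2]), "source"), (endpoint_ok(f[3]), "destination"),
                  (bool(f[4].strip()), "Name")]
        problems += [(n, "invalid " + what) for ok, what in checks if not ok]
    return problems

# Constructed sample: KB example lines joined with tabs, plus two broken entries.
SAMPLE = "\n".join([
    "15000\t1010\t10.100.100/24,10.100.50.10:*\t172.14.33.33:80,443\tAllowedWebTypeA",
    "15100\t*\t*:33333\t64.35.20/24,64.33/16,64.77.34.12:33333,33350-33400\tGameX",
    "15001 * *:* *:8321 Example application",   # spaces instead of tabs
    "15200\t*\t*:*\t10.0.0.1:99999\tBadPort",   # port above 65535
])
```

Calling lint_mapping(SAMPLE) flags lines 3 and 4; an entry typed with spaces instead of tabs is the case most easily missed by eye.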

Defining Application Signatures: 
  1. Using SSH, log into STRM.
  2. Enter the following: cd /store/configservices/staging/globalconfig
  3. Open the following file: signatures.xml
  4. Make the necessary changes using the following parameters (Note: View the STRM application guide for the meaning and use of each parameter):
    appid
    appname
    groupname
    description
    revision
    protocol
    srcip
    srcport
    dstip
    dstport
    commondstport
    srccontent offset
    dstcontent offset
  5. Save and exit the file.
  6. Log into STRM.
  7. Create, edit, or reconfigure your application changes.
    Note: For information about creating or editing views, see the top of this KB article (Define the Application).
  8. From the menu, select Configurations > Deploy configuration changes.  The Deploy configuration changes window appears.
  9. Click Close.  You have successfully deployed your changes.
    Here is an example of the signatures.xml file:
    <signatures>
      <signature>
        <appid>1009</appid>
        <appname>IMAP</appname>
        <groupname>Mail</groupname>
        <colour>#ff0000</colour>
        <description>IMAP traffic</description>
        <revision>1</revision>
        <protocol>TCP</protocol>
        <srcip>any</srcip>
        <srcport>any</srcport>
        <dstip>any</dstip>
        <dstport>any</dstport>
        <commondstport>143</commondstport>
        <srccontent offset="0" depth="128" ignorecase="true">LOGIN</srccontent>
        <dstcontent offset="0" depth="5">* OK</dstcontent>
        <weight>30</weight>
      </signature>
    </signatures>
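
A check for signatures.xml that can be run after editing and before deploying, added here as an example and not part of the KB or of STRM itself. It assumes every parameter named in step 4 must be present in each signature and that the offset and depth attributes are non-negative integers; the GOOD input is the IMAP signature above and BAD is constructed from it.

```python
import xml.etree.ElementTree as ET

# Names come from the KB's parameter list; treating them all as required is an assumption.
REQUIRED = ["appid", "appname", "groupname", "description", "revision", "protocol",
            "srcip", "srcport", "dstip", "dstport", "commondstport"]

def check_signatures(xml_text):
    """Return a list of problem strings; an empty list means the file passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if root.tag != "signatures":
        return ["root element is <%s>, expected <signatures>" % root.tag]
    problems = []
    for i, sig in enumerate(root.findall("signature"), 1):
        label = "signature #%d (%s)" % (i, sig.findtext("appname", "?"))
        for name in REQUIRED:
            if not (sig.findtext(name) or "").strip():
                problems.append("%s: missing or empty <%s>" % (label, name))
        appid = (sig.findtext("appid") or "").strip()
        if appid and not appid.isdigit():
            problems.append("%s: <appid> is not numeric" % label)
        for tag in ("srccontent", "dstcontent"):
            for el in sig.findall(tag):
                for attr in ("offset", "depth"):
                    val = el.get(attr)
                    if val is not None and not val.isdigit():
                        problems.append("%s: <%s> has %s=%r, expected an integer >= 0"
                                        % (label, tag, attr, val))
    return problems

GOOD = """<signatures><signature>
<appid>1009</appid><appname>IMAP</appname><groupname>Mail</groupname>
<colour>#ff0000</colour><description>IMAP traffic</description><revision>1</revision>
<protocol>TCP</protocol><srcip>any</srcip><srcport>any</srcport>
<dstip>any</dstip><dstport>any</dstport><commondstport>143</commondstport>
<srccontent offset="0" depth="128" ignorecase="true">LOGIN</srccontent>
<dstcontent offset="0" depth="5">* OK</dstcontent><weight>30</weight>
</signature></signatures>"""

# Constructed failure case: one element dropped and one attribute made negative.
BAD = (GOOD.replace("<commondstport>143</commondstport>", "")
           .replace('offset="0" depth="128"', 'offset="-1" depth="128"'))
```

A file cut off mid-edit (for example, one missing its closing `</signatures>` tag) is reported as not well-formed.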
