Juniper Secure Analytics

Transcription

1 Juniper Secure Analytics Administration Guide Release Modified: Copyright 206, Juniper Networks, Inc.

2 Juniper Networks, Inc. Innovation Way Sunnyvale, California USA Copyright 206, Juniper Networks, Inc. All rights reserved. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Juniper Secure Analytics Administration Guide Copyright 206, Juniper Networks, Inc. All rights reserved. The information in this document is current as of the date on the title page. YEAR 2000 NOTICE Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 208. However, the NTP application is known to have some difficulty in the year 206. END USER LICENSE AGREEMENT The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ( EULA ) posted at By downloading, installing or using such software, you agree to the terms and conditions of that EULA. ii Copyright 206, Juniper Networks, Inc.

3 Table of Contents About the Documentation xv Documentation and Release Notes xv Documentation Conventions xv Documentation Feedback xvii Requesting Technical Support xviii Self-Help Online Tools and Resources xviii Opening a Case with JTAC xviii Part JSA Administration Chapter Overview Supported Web Browsers Admin Tab Overview Deploying Changes Updating User Details Resetting SIM Monitoring Systems With SNMP Managing Aggregated Data Views Chapter 2 User Management User Management Overview Role Management Creating a User Role Editing a User Role Deleting a user role Managing Security Profiles Permission Precedences Creating a Security Profile Editing a Security Profile Duplicating a Security Profile Deleting a Security Profile User Account Management Creating a User Account Editing a User Account Deleting a User Account Authentication Management Authentication Overview Before you Begin Configuring System Authentication Configuring RADIUS Authentication Configuring TACACS Authentication Copyright 206, Juniper Networks, Inc. iii

4 Juniper Secure Analytics Administration Guide Configuring Active Directory Authentication Configuring LDAP Authentication Configuring Your SSL or TLS certificate User Role Parameters Security Profile Parameters User Management window parameters User management Window Toolbar User Details Window Parameters Chapter Managing the System and Licenses System and Licenses Management Overview System and License Management Window Overview Managing License Uploading a License Key Allocating a License to a System Reverting an Allocation Viewing License Details Exporting a License System Management Viewing System Details Allocating a System to a License Restarting a System Shutting Down a System Exporting System Details Access Setting Management Configuring Firewall Access Updating Your Host Setup Configuring Interface Roles Changing Passwords Time Server Configuration Configuring Your Time Server Using RDATE Manually Configuring Time Settings for Your System Chapter 4 User Information Source Configuration Information Source Configuration Overview Understanding User Information Source User Information Sources Reference Data Collections for User Information Integration Workflow Example User Information Source Configuration and Management Task Overview Configuring the Tivoli Directory Integrator Server Creating and Managing User Information Source Creating a User Information Source Retrieving User Information Sources Editing a User Information Source Deleting a User Information Source Collecting User Information iv Copyright 206, Juniper Networks, Inc.

5 Table of Contents Chapter 5 Set up JSA Network Hierarchy Acceptable CIDR Values Defining Your Network Hierarchy Configuring Automatic Updates Viewing Pending Updates Configuring Automatic Update Settings Scheduling an Update Clearing Scheduled Updates Checking for New Updates Manually Installing Automatic Updates Viewing your Update History Restoring Hidden Updates Viewing the Autoupdate Log Set up a JSA Update Server Configuring your Update Server Configuring your JSA Console as the Update Server Adding New Updates Configuring System Settings Configuring your IF-MAP Server Certificates Configuring IF-MAP Server Certificate for Basic Authentication Configuring IF-MAP Server Certificate for Mutual Authentication Data Retention Configuring Retention Buckets Managing Retention Bucket Sequence Editing a Retention Bucket Enabling and Disabling a Retention Bucket Deleting a Retention Bucket Configuring System Notifications Configuring the Console Settings Custom Offense Close Reasons Adding a Custom Offense Close Reason Editing Custom Offense Close Reason Deleting a Custom Offense Close Reason Managing Index Enabling Indexes Chapter 6 Managing Reference Sets Reference Set Management Overview Adding a Reference Set Editing a Reference Set Deleting Reference Sets Viewing the Contents of a Reference Set Adding an Element to a Reference Set Deleting Elements from a Reference Set Importing Elements into a Reference Set Exporting Elements from a Reference Set Copyright 206, Juniper Networks, Inc. v

6 Juniper Secure Analytics Administration Guide Chapter 7 Reference Data Collections Using Reference Data Collections CSV File Requirements for Reference Data Collections Creating a Reference Data Collection Reference DataUtil.sh Command Reference Create Update Add Delete Remove Purge List Listall Load Chapter 8 Managing Authorized Services Understanding Authorized Services Viewing Authorized Services Adding an Authorized Service Revoking Authorized Services Customer Support Authenticated Service Dismiss an Offense Close an Offense Add Notes to an Offense Chapter 9 Managing Backup and Recovery Understanding Backup and Recovery Components Managing Backup Archive Viewing Backup Archives Importing a Backup Archive Deleting a Backup Archive Backup Archive Creation Scheduling Nightly Backup Creating an On-Demand Configuration Backup Archive Backup Archive Restoration Restoring a Backup Archive Restoring a Backup Archive Created on a Different JSA System Restoring Data Verifying Restored Data Chapter 0 Deployment Editor Deployment Editor Requirements Deployment Editor Views System View Event View vi Copyright 206, Juniper Networks, Inc.

7 Table of Contents Configuring Deployment Editor Preferences Building your Deployment Event View Management Juniper Secure Analytics Components Flow Processor Event Collector Off-site Source Off-site Target Magistrate Process to build your Event View Adding Components Connecting Components Forwarding Normalized Events and Flows Events Renaming Components Managing System View Overview of the System View Page Software Compatibility Requirements for Console and Non-Console Hosts Enabling Encryption Adding a Managed Host Editing a Managed Host Removing a Managed Host Configuring a Managed Host Assigning a Component to a Host Configuring Host Context Configuring an Accumulator Managing NAT Adding a NAT-enabled Network to JSA Editing a NAT-enabled Network Deleting a NAT-enabled Network from JSA Changing the NAT Status for a Managed Host Component Configuration Configuring a Flow Processor Configuring an Event Collector Configuring an Event Processor Configuring the Magistrate Configuring an Off-site Source Configuring an Off-site Target Chapter Managing Flow Sources Flow Sources Overview NetFlow IPFIX sflow J-Flow Packeteer Flowlog file Adding or Editing a Flow Source Enabling and Disabling a Flow Source Copyright 206, Juniper Networks, Inc. vii

8 Juniper Secure Analytics Administration Guide Deleting a Flow Source Managing Flow Source Aliases Adding or Editing a Flow Source Alias Deleting a Flow Source Alias Chapter 2 Remote Networks and Services Configuration Default Remote Network Groups Default Remote Service Groups Guidelines for Network Resources Managing Remote Networks Objects Managing Remote Services Objects Chapter Server Discovery Discovering Servers Chapter 4 Data Forwarding Data Forwarding Overview Forwarding Destinations Configuration process for forwarding data Adding Forwarding Destinations Configuring Routing Rules for Bulk Forwarding Configuring Selective Forwarding Customizing the Forwarding Profile Viewing Forwarding Destinations Viewing and Managing Forwarding Destinations Viewing and Managing Routing Rules Chapter 5 Event Store and Forward Managing Schedules for Forwarding Events Store and Forward Overview Viewing the Store and Forward Schedule List Creating a New Store and Forward Schedule Editing a Store and Forward Schedule Deleting a Store and Forward Schedule Chapter 6 Data Obfuscation Configuring and Managing Obfuscated Data Generating a Private/Public Key Pair Configuring Data Obfuscation Decrypting Obfuscated Data Obfuscating JSA Asset Profile Data After Upgrade Chapter 7 Content Management Tool Content Management Tool Overview Exporting Custom Content Importing Content Updating Content During Import Searching Custom Content Chapter 8 Audit Logs Viewing the Audit Log File Logged Actions viii Copyright 206, Juniper Networks, Inc.

9 Table of Contents Chapter 9 Event Categories Recon DoS Authentication Access Exploit Malware Suspicious Activity System Policy Unknown CRE Potential Exploit User Defined VIS Host Discovery Application Audit Control Asset Profiler Chapter 20 Ports Used by JSA Overview of Common Ports Used by JSA Ports and iptables SSH communication on port JSA Ports Searching for Ports in Use by JSA Viewing IMQ Port Associations Glossary Part 2 Index Index Copyright 206, Juniper Networks, Inc. ix

10 Juniper Secure Analytics Administration Guide x Copyright 206, Juniper Networks, Inc.

11 List of Tables About the Documentation xv Table : Notice Icons xvi Table 2: Text and Syntax Conventions xvi Part JSA Administration Chapter Overview Table : Supported Web Browsers Table 4: Admin Tab Menu Options Table 5: Main User Detail Interface Table 6: SIM Resetting Options Chapter 2 User Management Table 7: Security Profile Data Options Table 8: of authentication types Table 9: of authentication types Table 0: Active Directory Parameters Table : LDAP Authentication Parameters Table 2: User Role Management Window Parameters Table : Security Profile Management Window Parameters Table 4: User Management window parameters Table 5: User Management window toolbar functions Table 6: User Details window parameters Chapter Managing the System and Licenses Table 7: System and License Management toolbar functions Table 8: Deployment Details pane Table 9: System and License Management Window Parameters - Systems View Table 20: System and License Management Window Parameters - Licenses View Table 2: License parameters Table 22: Device Access Parameters Table 2: System administration web control parameter Table 24: Time server parameters Chapter 4 User Information Source Configuration Table 25: Supported Information Sources Table 26: Certification Configuration Parameters Table 27: Supported User Interface Property Values Chapter 5 Set up JSA Copyright 206, Juniper Networks, Inc. xi

12 Juniper Secure Analytics Administration Guide Table 28: Example of Multiple CIDRs and subnets in a Single Network Group Table 29: Example of an All-Encompassing Group Table 0: Acceptable CIDR Values Table : Check for Updates Toolbar Functions Table 2: System Settings Window Parameters Table : Retention Window Parameters Table 4: Retention Window Toolbar Table 5: Retention Bucket Parameters Table 6: Global System Notifications Window Parameters Table 7: Console Settings Table 8: Custom Close Reasons Window Parameters Table 9: Index Management Window Parameters Table 40: Index Management Window Parameters Chapter 6 Managing Reference Sets Table 4: Reference Set Parameters Table 42: Reference Set Parameters Table 4: Content Tab Parameters Table 44: Content Tab Parameters Table 45: Reference Set Pameters Chapter 7 Reference Data Collections Table 46: Reference Data Collection Types Chapter 8 Managing Authorized Services Table 47: Parameters for Authorized Services Table 48: Query String Parameters for the Customer Support Service Table 49: Query String Parameters for the Customer Support Service Table 50: Query String Parameters for the Customer Support Service Chapter 9 Managing Backup and Recovery Table 5: Backup Recovery Configuration Parameters Table 52: On-demand Configuration Parameters Table 5: Restore a Backup Parameters Table 54: Restore a Backup (Managed Host Accessibility) Parameters Table 55: Restore a Backup Parameters Table 56: of File Name Variables Chapter 0 Deployment Editor Table 57: of Supported Component Connections Table 58: Parameters for the Managed Host Table 59: Parameters for a NAT-Enabled Network Table 60: Parameters for the Managed Host Table 6: Parameters for a NAT-Enabled Network Table 62: Host Context Parameters Table 6: Accumulator Parameters Table 64: Nat-enabled Network Parameters Table 65: Advanced Flow Processor parameters Table 66: Advanced Flow Processor Parameters Table 67: Event Collector Parameters Table 68: Event Collector Advanced Parameters xii Copyright 206, Juniper Networks, Inc.

13 List of Tables Table 69: Parameter Values for the Event Processor Table 70: Event Processor Advanced Parameters Table 7: Off-site Source Parameters Table 72: Off-site Target Parameters Chapter Managing Flow Sources Table 7: Internal and External Flow Sources Table 74: Spoofing and Non-Spoofing Methods Chapter 2 Remote Networks and Services Configuration Table 75: Default Remote Network Groups Table 76: Default Remote Service Groups Chapter 4 Data Forwarding Table 77: Forwarding Destinations Parameters Table 78: Routing Rules Window Parameters Table 79: of the Forwarding Destination Toolbar Actions Chapter 5 Event Store and Forward Table 80: Store and Forward Window Parameters Chapter 6 Data Obfuscation Table 8: Command Options for Generating the RSA Private Key Table 82: Options to Format the Private Key Table 8: Command Options for Generating the Public Key Table 84: Attributes of the obfuscation_expressions.xml File Table 85: Example Regex Patterns that can Parse User Names Table 86: Options for the Obfuscation_decoder.sh Script Chapter 7 Content Management Tool Table 87: Custom Content Types Table 88: Custom Content Types Chapter 8 Audit Logs Table 89: of the Parts of the Log File Format Table 90: Logged Action Categories Chapter 9 Event Categories Table 9: Low-level Categories and Severity Levels for the Recon Events Category Table 92: Low-level Categories and Severity Levels for the DoS Events Category Table 9: Low-level Categories and Severity Levels for the Authentication Events Category Table 94: Low-level Categories and Severity Levels for the Access Events Category Table 95: Low-level Categories and Severity Levels for the Exploit Events Category Table 96: Low-level categories and Severity Levels for the Malware Events Category Table 97: Low-level Categories and Severity Levels for the Suspicious Activity Events Category Copyright 206, Juniper Networks, Inc. xiii

14 Juniper Secure Analytics Administration Guide Table 98: Low-level Categories and Severity Levels for the System Events Category Table 99: Low-level Categories and Severity Levels for the Policy Category Table 00: Low-level categories and Severity Levels for the Unknown Category Table 0: Low-level Categories and Severity Levels for the CRE Category Table 02: Low-level categories and Severity Levels for the Potential Exploit Category Table 0: Low-level Categories and Severity Levels for the User Defined Category Table 04: Low-level Categories and Severity Levels for the VIS Host Discovery Category Table 05: Low-level Categories and Severity Levels for the Application Category Table 06: Low-level Categories and Severity Levels for the Audit Category Table 07: Low-Level Categories and Severity Levels for the Control Category Table 08: Low-level Categories and Severity Levels for the Asset Profiler Category Chapter 20 Ports Used by JSA Table 09: Listening Ports Used by JSA, Services, and Components xiv Copyright 206, Juniper Networks, Inc.

15 About the Documentation Documentation and Release Notes Documentation and Release Notes on page xv Documentation Conventions on page xv Documentation Feedback on page xvii Requesting Technical Support on page xviii Documentation Conventions To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes. Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at Table on page xvi defines notice icons used in this guide. Copyright 206, Juniper Networks, Inc. xv

16 Juniper Secure Analytics Administration Guide Table : Notice Icons Icon Meaning Informational note Indicates important features or instructions. Caution Indicates a situation that might result in loss of data or hardware damage. Warning Alerts you to the risk of personal injury or death. Laser warning Alerts you to the risk of personal injury from a laser. Tip Indicates helpful information. Best practice Alerts you to a recommended use or implementation. Table 2: Text and Syntax Conventions Table 2 on page xvi defines the text and syntax conventions used in this guide. Convention Examples Bold text like this Represents text that you type. To enter configuration mode, type the configure command: user@host> configure Fixed-width text like this Italic text like this Represents output that appears on the terminal screen. Introduces or emphasizes important new terms. Identifies guide names. Identifies RFC and Internet draft titles. user@host> show chassis alarms No alarms currently active A policy term is a named structure that defines match conditions and actions. Junos OS CLI User Guide RFC 997, BGP Communities Attribute Italic text like this Represents variables (options for which you substitute a value) in commands or configuration statements. Configure the machine s domain name: [edit] root@# set system domain-name domain-name xvi Copyright 206, Juniper Networks, Inc.

17 About the Documentation Table 2: Text and Syntax Conventions (continued) Convention Examples Text like this Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components. To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level. The console port is labeled CONSOLE. < > (angle brackets) Encloses optional keywords or variables. stub <default-metric metric>; (pipe symbol) Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity. broadcast multicast (string string2 string) # (pound sign) Indicates a comment specified on the same line as the configuration statement to which it applies. rsvp { # Required for dynamic MPLS only [ ] (square brackets) Encloses a variable for which you can substitute one or more values. community name members [ community-ids ] Indention and braces ( { } ) ; (semicolon) Identifies a level in the configuration hierarchy. Identifies a leaf statement at a configuration hierarchy level. [edit] routing-options { static { route default { nexthop address; retain; } } } GUI Conventions Bold text like this Represents graphical user interface (GUI) items you click or select. In the Logical Interfaces box, select All Interfaces. To cancel the configuration, click Cancel. > (bold right angle bracket) Separates levels in a hierarchy of menu selections. In the configuration editor hierarchy, select Protocols>Ospf. Documentation Feedback We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods: Online feedback rating system On any page of the Juniper Networks TechLibrary site at simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at Copyright 206, Juniper Networks, Inc. xvii

18 Juniper Secure Analytics Administration Guide Send your comments to Include the document or topic name, URL or page number, and software version (if applicable). Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or Partner Support Service support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC. JTAC policies For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at Product warranties For product warranty information, visit JTAC hours of operation The JTAC centers have resources available 24 hours a day, 7 days a week, 65 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: Find CSC offerings: Search for known bugs: Find product documentation: Find solutions and answer questions using our Knowledge Base: Download the latest versions of software and review release notes: Search technical bulletins for relevant hardware and software notifications: Join and participate in the Juniper Networks Community Forum: Open a case online in the CSC Case Management tool: To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone. Use the Case Management tool in the CSC at Call JTAC ( toll-free in the USA, Canada, and Mexico). xviii Copyright 206, Juniper Networks, Inc.

19 About the Documentation For international or direct-dial options in countries without toll-free numbers, see Copyright 206, Juniper Networks, Inc. xix

20 Juniper Secure Analytics Administration Guide xx Copyright 206, Juniper Networks, Inc.

21 PART JSA Administration Overview on page User Management on page Managing the System and Licenses on page 5 User Information Source Configuration on page 5 Set up JSA on page 65 Managing Reference Sets on page 99 Reference Data Collections on page 07 Managing Authorized Services on page 5 Managing Backup and Recovery on page 2 Deployment Editor on page Managing Flow Sources on page 6 Remote Networks and Services Configuration on page 7 Server Discovery on page 79 Data Forwarding on page 8 Event Store and Forward on page 9 Data Obfuscation on page 97 Content Management Tool on page 205 Audit Logs on page 2 Event Categories on page 27 Ports Used by JSA on page 277 Copyright 206, Juniper Networks, Inc.

22 Juniper Secure Analytics Administration Guide 2 Copyright 206, Juniper Networks, Inc.

23 CHAPTER Overview Supported Web Browsers This chapter provides information on how to access and use the Juniper Secure Analytics (JSA) user interface and the Admin tab. Supported Web Browsers on page Admin Tab Overview on page 4 Deploying Changes on page 5 Updating User Details on page 6 Resetting SIM on page 7 Monitoring Systems With SNMP on page 8 Managing Aggregated Data Views on page 8 For the features in Juniper Secure Analytics (JSA) to work properly, you must use a supported web browser. When you access the system, a prompt is displayed asking for a user name and a password. The user name and password must be configured in advance by the administrator. Table on page describes the supported web browsers. Table : Supported Web Browsers Web browser Supported version Mozilla Firefox 7.0 Extended Support Release 24.0 Extended Support Release Mozilla Firefox has a short release cycle. We cannot commit to testing on the latest versions of the Mozilla Firefox browser. However, we are fully committed to investigating any issues that are reported. 2-bit Microsoft Internet Explorer, with document mode and browser mode enabled Google Chrome The current version as of the release date of JSA products. Copyright 206, Juniper Networks, Inc.

24 Juniper Secure Analytics Administration Guide Related Documentation Admin Tab Overview on page 4 Deploying Changes on page 5 Updating User Details on page 6 Monitoring Systems With SNMP on page 8 Managing Aggregated Data Views on page 8 Admin Tab Overview Administrators use the Admin tab in Juniper Secure Analytics (JSA) to manage dashboards, offenses, log activity, network activity, assets, and reports. The Admin tab provides several tab and menu options that allow you to configure JSA. You must have Administrative privileges to access Administrative functions. To access Administrative functions, click the Admin tab on the user interface. The Admin tab provides access to the following functions: Manage users. See User Management on page. Manage your network settings. See Managing the System and Licenses on page 5. Manage high availability. See the High Availability Guide. Manage references sets. See Reference Set Management Overview on page 99. Manage authorized services. See Managing Authorized Services on page 5. Backup and recover your data. See Understanding Backup and Recovery Components on page 2. Manage your deployment views. See Deployment Editor on page. Manage flow sources. See Flow Sources Overview on page 6. Configure remote networks and remote services. See Remote Networks and Services Configuration on page 7. Discover servers. See Server Discovery on page 79. Configure data forwarding. See Data Forwarding on page 8. Managing vulnerability scanners. For more information, see the Managing Vulnerability Assessment Guide. Configure plug-ins. For more information, see the Associated Documentation. Manage log sources. For more information, see the Log Sources Users Guide. The Admin tab also includes menu options as described in Table 4 on page 5. 4 Copyright 206, Juniper Networks, Inc.

25 Chapter : Overview Table 4: Admin Tab Menu Options Menu option Deployment Editor Opens the Deployment Editor window. For more information, see Deployment Editor on page. Deploy Changes Deploys any configuration changes from the current session to your deployment. For more information, see Deploying Changes on page 5. Advanced The Advanced menu provides the following options: Clean SIM Model Resets the SIM module. See Resetting SIM on page 7. Deploy Full Configuration Deploys all configuration changes. For more information, see Deploying Changes on page 5. Related Documentation Supported Web Browsers on page Deploying Changes on page 5 Updating User Details on page 6 Resetting SIM on page 7 Monitoring Systems With SNMP on page 8 Managing Aggregated Data Views on page 8 Deploying Changes You can update your configuration settings from the Admin tab. Your changes are saved to a staging area where they are stored until you manually deploy the changes. Each time that you access the Admin tab and each time you close a window on the Admin tab, a banner at the top of the Admin tab displays the following message: Checking for undeployed changes. If undeployed changes are found, the banner updates to provide information about the undeployed changes. If the list of undeployed changes is lengthy, a scroll bar is provided. Scroll through the list. The banner message also suggests which type of deployment change to make. Choose one of the two options: Deploy Changes Click the Deploy Changes icon on the Admin tab toolbar to deploy any configuration changes from the current session to your deployment. Deploy Full Configuration Select Advanced > Deploy Full Configuration from the Admin tab menu to deploy all configuration settings to your deployment. All deployed changes are then applied throughout your deployment. NOTE: When you click Deploy Full Configuration, JSA restarts all services, which result in a gap in data collection until deployment completes. Copyright 206, Juniper Networks, Inc. 5

26 Juniper Secure Analytics Administration Guide After you deploy your changes, the banner clears the list of undeployed changes and checks the staging area again for any new undeployed changes. If none are present, the following message is displayed: There are no changes to deploy.. Click View Details. 2. Choose one of the following options: a. To expand a group to display all items, click the plus sign (+) beside the text. When done, you can click the minus sign (-). b. To expand all groups, click Expand All. When done, you can click Collapse All. c. Click Hide Details to hide the details from view again.. Perform the suggested task: a. From the Admin tab menu, click Deploy Changes. b. From the Admin tab menu, click Advanced > Deploy Full Configuration. Related Documentation Updating User Details on page 6 Resetting SIM on page 7 Monitoring Systems With SNMP on page 8 Managing Aggregated Data Views on page 8 Supported Web Browsers on page Admin Tab Overview on page 4 Updating User Details You can access your administrative user details through the main user interface. To update the user details:. Click Preferences. Table 5: Main User Detail Interface 2. Optional. Update the configurable user details by referring the Table 5 on page 6. Option Type a new address Password Type a new password Password (Confirm) Type the new password again Enable Popup Notifications Popup system notifications are displayed at the lower right corner of the user interface. To disable popup notifications, clear this check box. For more information about popup notifications, see the Juniper Secure Analytics Users Guide. 6 Copyright 206, Juniper Networks, Inc.

27 Chapter : Overview Table 5: Main User Detail Interface (continued) Option Locale JSA is available in the following languages: English, Simplified Chinese, Traditional Chinese, Japanese, Korean, French, German, Italian, Spanish, Russian, and Portuguese (Brazil). If a locale is not listed, the user interface is not translated into the associated language. However, other associated cultural conventions, such as, character type, collation, format of date and time, currency unit are supported.. Click Save. Related Documentation Resetting SIM on page 7 Monitoring Systems With SNMP on page 8 Managing Aggregated Data Views on page 8 Supported Web Browsers on page Admin Tab Overview on page 4 Resetting SIM Use the Admin to reset the SIM module. This allows you to remove all offense, source IP address, and destination IP address information from the database and the disk. This option is useful after you tune your deployment to avoid receiving any additional false positive information. The SIM reset process can take several minutes, depending on the amount of data in your system. If you attempt to move to other areas of the JSA user interface during the SIM reset process, an error message is displayed. To reset the SIM:. Click the Admin tab. 2. From the Advanced menu, select Clean SIM Model.. Read the information on the Reset SIM Data Module window. 4. Select one of the options as described in the Table 6 on page 7. Table 6: SIM Resetting Options Option Soft Clean Closes all offenses in the database. If you select the Soft Clean option, you can also select the Deactivate all offenses check box. Hard Clean Purges all current and historical SIM data, which includes offenses, source IP addresses, and destination IP addresses. Copyright 206, Juniper Networks, Inc. 7