Using the Content Management Tool




Security Threat Response Manager
Release 2013.1
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
408-745-2000
www.juniper.net
Published: 2013-03-15

Copyright Notice

Copyright 2013 Juniper Networks, Inc. All rights reserved. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. The following terms are trademarks or registered trademarks of other companies: Java TM and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Juniper Networks installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Consult the dealer or an experienced radio/tv technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT, SUBJECT TO THE MODIFICATIONS SET FORTH BELOW ON THIS PAGE, ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

Release 2013.1
Copyright 2013, Juniper Networks, Inc. All rights reserved. Printed in USA.

Revision History
March 2013
The information in this document is current as of the date listed in the revision history.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ( EULA ) posted at http://www.juniper.net/support/eula.html, as modified by the following text, which shall be treated under the EULA as an Entitlement Document taking precedence over any conflicting provisions of such EULA as regards such software: As regards software accompanying the STRM products (the Program ), such software contains software licensed by Q1 Labs and is further accompanied by third-party software that is described in the applicable documentation or materials provided by Juniper Networks.

For the convenience of Licensee, the Program may be accompanied by a third party operating system. The operating system is not part of the Program, and is licensed directly by the operating system provider (e.g., Red Hat Inc., Novell Inc., etc.) to Licensee. Neither Juniper Networks nor Q1 Labs is a party to the license between Licensee and the third party operating system provider, and the Program includes the third party operating system AS IS, without representation or warranty, express or implied, including any implied warranty of merchantability, fitness for a particular purpose or non-infringement. For an installed Red Hat operating system, see the license file: /usr/share/doc/redhat-release-server-6server/eula. By downloading, installing or using such software, you agree to the terms and conditions of that EULA as so modified.

CONTENTS

1 USING THE CONTENT MANAGEMENT TOOL
  CMT Overview  7
  Exporting All Custom Content  8
  Exporting All Custom Content of a Specific Type  8
  Exporting Single Custom Content Item  9
  Importing Content  10

1 USING THE CONTENT MANAGEMENT TOOL

Using the Content Management Tool (CMT), you can export security and configuration content into an external, portable format. You can import the exported content into the same system you exported from or into another STRM system.

This technical note includes the following topics:
  CMT Overview
  Exporting All Custom Content
  Exporting All Custom Content of a Specific Type
  Exporting Single Custom Content Item
  Importing Content

CMT Overview

This technical note is intended for use by Juniper Customer Support, Professional Services, and select customers who have advanced STRM knowledge and experience working with PostgreSQL databases.

Using the CMT, you can export and import the following content:
  Dashboards
  Reports
  Saved Searches
  Reference Sets
  Custom and Calculated Properties
  Custom Rules and Building Blocks
  Groups
  Log Sources

When importing and exporting custom content, the CMT considers content dependencies and includes the associated content in the import or export. For example, when the CMT detects that a custom report depends on custom saved searches, those saved searches are also exported.

Exporting All Custom Content

To export all custom content:

Step 1 Using SSH, log in to STRM as the root user:
  Username: root
  Password: <password>

Step 2 To access the /opt/qradar/bin directory, type the following command:
  cd /opt/qradar/bin

Step 3 Choose one of the following options:
  To export all content, excluding accumulated data, type the following command:
  ./content_management.sh <directory_path> export all
  To export all content, including the accumulated data of saved searches, type the following command:
  ./content_management.sh <directory_path> export all gv

Where <directory_path> is the directory to which you want to export content. This parameter is optional, but recommended. If you omit the <directory_path> parameter, the content is exported to the default directory, /store/tmp/cmt/out. The /store/tmp/cmt/out directory is deleted nightly during scheduled maintenance, so copy the archive elsewhere if you need to keep it beyond that.

The exported content is compressed to a .tar.gz file in the specified directory. The following is an example of a .tar.gz file name: report-contentexport-20120419101803.tar.gz. You can manually rename the exported file, if required. Because the archive can contain reference set contents and log source definitions, treat it as sensitive: restrict who can read it, and transfer it to another system over an authenticated channel such as scp.

Exporting All Custom Content of a Specific Type

To export all custom content of a specific type:

Step 1 Using SSH, log in to STRM as the root user:
  Username: root
  Password: <password>

Step 2 To access the /opt/qradar/bin directory, type the following command:
  cd /opt/qradar/bin

Step 3 Choose one of the following options:
  To export all content of one type, excluding accumulated data, type the following command:
  ./content_management.sh <directory_path> export <content_type> all
  To export all content of one type, including accumulated data, type the following command:
  ./content_management.sh <directory_path> export <content_type> all gv

Where:
<directory_path> - Specifies the directory to which you want to export content. This parameter is optional, but recommended. If you omit the <directory_path> parameter, the content is exported to the default directory, /store/tmp/cmt/out. The /store/tmp/cmt/out directory is deleted nightly during scheduled maintenance.
<content_type> - Specifies the type of content you want to import or export. You can type the content type as a text string or as the corresponding numeric identifier. Use the following table as a guide:

Table 1-1 Content Types

Custom Content Type      Text String            Numeric Identifier
Dashboard                dashboard              4
Reports                  report                 10
Saved Searches           search                 1
FGroup                   fgroup                 12
FGroup Type              fgrouptype             13
Custom Rules             customrule             3
Reference Sets           referenceset           5
Custom Properties        customproperty         6
Log Source               sensordevice           17
Log Source Type          sensordevicetype       24
Log Source Category      sensordevicecategory   18

The exported content is compressed to a .tar.gz file in the specified directory. You can manually rename the exported file, if required.

Exporting Single Custom Content Item

You can export a single custom content item, such as one custom rule or one saved search.

To export a single custom content item:

Step 1 Using SSH, log in to STRM as the root user:
  Username: root
  Password: <password>

Step 2 To access the /opt/qradar/bin directory, type the following command:
  cd /opt/qradar/bin

Step 3 Choose one of the following options:
  To export a single custom content item, excluding accumulated data, type the following command:
  ./content_management.sh <directory_path> export <content_type> <string_id_value>
  To export a single custom content item, including accumulated data, type the following command:
  ./content_management.sh <directory_path> export <content_type> <string_id_value> gv

Where:
<directory_path> - Specifies the directory to which you want to export content. This parameter is optional, but recommended. If you omit the <directory_path> parameter, the content is exported to the default directory, /store/tmp/cmt/out. The /store/tmp/cmt/out directory is deleted nightly during scheduled maintenance.
<import|export> - Specifies whether you want to import or export the specified custom content. The commands above use export.
<content_type> - Specifies the type of content you want to import or export. You can type the content type as a text string or as the corresponding numeric identifier. Use Table 1-1 as a guide.
<string_id_value> - Specifies the identifier of the specific instance of custom content, such as a single report or a single reference set. You can locate the string_id_value by querying the PostgreSQL database. This technical note assumes that you have experience with PostgreSQL and does not provide instructions for how to query the database.

The exported content is compressed to a .tar.gz file in the specified directory. You can manually rename the exported file, if required.

Importing Content

After you export custom content, you can import the exported content into the same STRM system you exported from or into another STRM system. If you want to import the content into another STRM system, you must transfer the output file to the other system before proceeding with this procedure.

To import previously exported content:

Step 1 Using SSH, log in to STRM as the root user:
  Username: root
  Password: <password>

Step 2 To access the /opt/qradar/bin directory, type the following command:
  cd /opt/qradar/bin

Step 3 Access the directory where you exported the content file to. Type the following command:
  cd <directory_name>
Where <directory_name> is the name of the directory you specified when exporting the content, or the default /store/tmp/cmt/out if you did not specify a directory.

Step 4 To list the files in the directory with their sizes and timestamps, type the following command:
  ls -l
The output of this command may resemble the following:
  drwxr-xr-x 2 root root  24576 Apr 18 16:39 fgroup-contentexport-20120418163707
  -rw-r--r-- 1 root root 324596 Apr 18 16:39 fgroup-contentexport-20120418163707.tar.gz
  drwxr-xr-x 2 root root   4096 Apr 18 16:56 report-contentexport-20120418165529
  -rw-r--r-- 1 root root  42438 Apr 18 16:56 report-contentexport-20120418165529.tar.gz
  drwxr-xr-x 2 root root   4096 Apr 19 10:18 report-contentexport-20120419101803
  -rw-r--r-- 1 root root   3295 Apr 19 10:18 report-contentexport-20120419101803.tar.gz
In this example, report-contentexport-20120419101803.tar.gz is an export file name.

CAUTION: If you manually uncompressed the .tar.gz file while the file was located in the default or custom export directory, you must move the extracted files and directories to another location before importing the .tar.gz file.

Step 5 Type the following command:
  /opt/qradar/bin/content_management.sh <directory_name> import <export_file_name>
Where:
<directory_name> - Specifies the name of the directory you specified when exporting the content, or the default /store/tmp/cmt/out if you did not specify a directory.
<export_file_name> - Specifies the name of the file you want to import.

For example, to import from the default directory (the <directory_name> parameter is omitted, so /store/tmp/cmt/out is used):
  /opt/qradar/bin/content_management.sh import report-contentexport-20120419101803.tar.gz

The content you imported is now uncompressed and available on your STRM system. Because the import runs as root and unpacks the archive onto the system, only import archives whose origin you trust and whose integrity you have verified after transfer.
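The following script is an added example, not code from the Juniper technical note or from the CMT itself. It covers the gap between the export procedures above and the import procedure: it picks the newest export archive in the (nightly purged) output directory by the timestamp in its name, copies it to a directory you keep with permissions tightened and a SHA-256 sidecar, and, on the receiving side, checks that the archive still matches its checksum, is a readable gzip tar, and contains no member path that would escape the extraction directory before it is handed to content_management.sh import running as root. The script name cmt_archive.sh, the function names, and the availability of GNU coreutils sha256sum and a tar that accepts tar tzf (as on the Red Hat based appliance) are assumptions; the file name pattern <type>-contentexport-<timestamp>.tar.gz is the one the note shows.

```shell
#!/bin/sh
# Added example (not part of the Juniper technical note): staging and checking a
# CMT export archive between "content_management.sh export" and "... import".
# Assumed (not from the note): GNU coreutils sha256sum and "tar tzf" are available;
# the export file name pattern "<type>-contentexport-<timestamp>.tar.gz" is assumed
# from the example names in the note.
set -u

CMT_DEFAULT_OUT=/store/tmp/cmt/out   # purged nightly by scheduled maintenance

# Print the path of the newest CMT export archive in a directory, chosen by the
# timestamp embedded in the file name rather than by content type prefix or mtime.
cmt_latest_export() {
    dir=${1:-$CMT_DEFAULT_OUT}
    for f in "$dir"/*-contentexport-*.tar.gz; do
        [ -f "$f" ] || continue
        ts=${f##*-contentexport-}; ts=${ts%.tar.gz}   # e.g. 20120419101803
        echo "$ts $f"
    done | sort -k1,1 | tail -n 1 | cut -d' ' -f2-
}

# Copy an export archive out of the purged directory, restrict its permissions
# (it carries custom rules, reference set contents and log source definitions)
# and write a SHA-256 sidecar to verify after transferring it to the target system.
cmt_stage_export() {
    src=$1; dest_dir=$2
    [ -f "$src" ] || { echo "no such export: $src" >&2; return 1; }
    mkdir -p "$dest_dir" && chmod 700 "$dest_dir" || return 1
    name=$(basename "$src")
    cp "$src" "$dest_dir/$name" && chmod 600 "$dest_dir/$name" || return 1
    ( cd "$dest_dir" && sha256sum "$name" > "$name.sha256" ) || return 1
    echo "$dest_dir/$name"
}

# Read archive member names on stdin and print those that would escape the
# extraction directory (absolute paths or a ".." component). Exit status 1 if any.
cmt_unsafe_members() {
    awk '
        substr($0, 1, 1) == "/" { print; bad = 1; next }
        { n = split($0, p, "/"); for (i = 1; i <= n; i++) if (p[i] == "..") { print; bad = 1; break } }
        END { exit bad ? 1 : 0 }
    '
}

# Check an archive before passing it to "content_management.sh import", which is
# run as root and unpacks it: the checksum matches the sidecar written at staging,
# the file is a readable gzip tar, and no member path escapes the extraction directory.
cmt_check_archive() {
    archive=$1
    [ -f "$archive.sha256" ] || { echo "missing $archive.sha256" >&2; return 1; }
    ( cd "$(dirname "$archive")" && sha256sum -c --status "$(basename "$archive").sha256" ) \
        || { echo "checksum mismatch: $archive" >&2; return 1; }
    tar tzf "$archive" > /dev/null 2>&1 \
        || { echo "not a readable tar.gz: $archive" >&2; return 1; }
    if ! tar tzf "$archive" | cmt_unsafe_members > /dev/null; then
        echo "unsafe member paths in $archive" >&2; return 1
    fi
    return 0
}

# Usage: sh cmt_archive.sh stage <export_dir or ""> <dest_dir>
#        sh cmt_archive.sh check <archive.tar.gz>
case ${1:-} in
    stage) cmt_stage_export "$(cmt_latest_export "${2:-}")" "${3:?dest_dir}" ;;
    check) cmt_check_archive "${2:?archive}" ;;
esac
```

On the exporting system, run the stage step right after content_management.sh export (passing "" as the export directory selects /store/tmp/cmt/out), then copy both the archive and its .sha256 sidecar to the target system with scp. On the target, run the check step and only then invoke content_management.sh import. The path check rejects members such as ../x or /store/x; the CMT's own archives use relative names like report-contentexport-<timestamp>/..., so a legitimate export passes.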