Use Case: View Network Paths in the Topology
The topology in JSA Risk Manager displays a graphical representation of your network devices.
A topology path search can determine how your network devices are communicating and the network path that they use to communicate. Path searching allows JSA Risk Manager to visibly display the path between a source and destination, along with the ports, protocols, and rules.
You can view how devices communicate, which is important on secured or restricted access assets.
Key features include:
Ability to view communications between devices on your network.
Use filters to search the topology for network devices.
Quick access to view device rules and configuration.
Ability to view events that are generated from a path search.
Searching the Topology
Topology search is used to filter your network topology view, and zone in on network paths, hosts, subnets, and other network elements. Investigate various elements of your network infrastructure by using topology search.
A path search is used to filter the topology model. A path search includes all network subnets that contain the source IP addresses or CIDR ranges and subnets that contain destination IP addresses or CIDR ranges that are also allowed to communicate by using the configured protocol and port. The search examines your existing topology model and includes the devices that are involved in the communication path between the source and destination and detailed connection information.
- Click the Risks tab.
- On the navigation menu, click Topology.
- From the Search list box, select New Search.
- In the Search Criteria pane, select Path.
- In the Source IP/CIDR field, type the IP address or CIDR range on which you want to filter the topology model. Separate multiple entries by using a comma.
- In the Destination IP/CIDR field, type the destination IP address or CIDR range on which you want to filter the topology model. Separate multiple entries by using a comma.
- From the Protocol list, select the protocol that you want to use to filter the topology model.
- In the Destination Port field, type the destination port on which you want to filter the topology model. Separate multiple ports by using a comma.
- Select a protocol from the Protocol menu.
- Type a destination port.
- Click Select Applications.
From the Device Adapter menu, select the device adapter type.
Type a partial or full search term or leave the Application Name field empty, and then click Search.
Select any of the displayed applications in the Search Results field, and click Add to add your selections to the Selected Items box.
- Click Select Vulnerabilities.
From the Search By menu, select the vulnerability category.
In the Field beside the Search By menu, enter the ID number of the vulnerability.
Select any of the displayed vulnerabilities in the Search Results field, and then click Add to add your selections to the Selected Items box.
If your topology includes an Intrusion Prevention System (IPS), the vulnerabilities search option is displayed. For more information, see the Juniper Secure Analytics Risk Manager User Guide.
- Click Select Users/Groups.
Type a partial or full search term or leave the User/Group Name field empty, and then click Search.
Select the user or group name in the Search Results field, and then click Add to add your selections to the Selected Items box.
Click OK, and then click Search.
- Click Search to view the results.