Policy Monitor Questions
You can define questions in Policy Monitor to assess and monitor risk based on network activity, vulnerabilities, and firewall rules.
When you submit a question, the topology search is based on the data type that you selected:
For questions based on assets, the search is based on the network assets that violated a defined policy or that introduced risk into the network.
For questions based on devices/rules, the search identifies the rules in a device that either violated a defined policy or introduced risk into the network.
If a question is based on asset compliance, then the search identifies if an asset is compliant with a CIS benchmark.
If you configured JSA for multiple domains, asset questions only monitor assets in your default domain. Asset compliance questions monitor assets in your default domain unless you configured another domain in the Admin > Domain Management window. For more information about domain management, see the Juniper Secure Analytics Administration Guide.
Devices/rules questions look for violations in rules and policy and do not have restrictive test components. You can also ask devices/rules questions for applications.
Asset tests are divided into these categories:
A contributing test uses the question parameters to examine the risk indicators that are specified in the question. Risk data results are generated, which can be further filtered using a restrictive test. Contributing tests are shown in the "Which tests do you want to include in your question" area. Contributing tests return data based on assets detected that match the test question.
A restrictive test narrows the results that are returned by a contributing test question. Restrictive tests display only in the "Which tests do you want to include in your question" area after a contributing test is added. You can add restrictive tests only after you include a contributing test in the question. If you remove or delete a contributing test question, the restrictive test question cannot be saved.
Asset compliance questions look for assets that are not in compliance with CIS benchmarks. The tests that are included in the CIS benchmark are configured with the Compliance Benchmark Editor.