JSA Common Procedures

 

Various controls on the JSA user interface are common to most user interface tabs.

Information about these common procedures is described in the following sections.

Viewing Messages

The Messages menu, which is on the upper right corner of the user interface, provides access to a window in which you can read and manage your system notifications.

For system notifications to show on the Messages window, the administrator must create a rule that is based on each notification message type and select the Notify check box in the Custom Rules Wizard.

The Messages menu indicates how many unread system notifications you have in your system. This indicator increments the number until you close system notifications. For each system notification, the Messages window provides a summary and the date stamp for when the system notification was created. You can hover your mouse pointer over a notification to view more detail. Using the functions on the Messages window, you can manage the system notifications.

System notifications are also available on the Dashboard tab and on an optional pop-up window that can be displayed on the lower left corner of the user interface. Actions that you perform in the Messages window are propagated to the Dashboard tab and the pop-up window. For example, if you close a system notification from the Messages window, the system notification is removed from all system notification displays.

For more information about Dashboard system notifications, see Managing System Notifications.

The Messages window provides the following functions:

Table 1: Functions Available in the Messages Window

Function

Description

All

Click All to view all system notifications. This option is the default; therefore, click All only if you selected another option and want to display all system notifications again.

Health

Click Health to view only system notifications that have a severity level of Health.

Errors

Click Errors to view only system notifications that have a severity level of Error.

Warnings

Click Warnings to view only the system notifications that have a severity level of Warning.

Information

Click Information to view only the system notifications that have a severity level of Information.

Dismiss All

Click Dismiss All to close all system notifications from your system. If you filtered the list of system notifications by using the Health, Errors, Warnings, or Information icons, the text on the Dismiss All icon changes to one of the following options:

  • Dismiss All Errors

  • Dismiss All Health

  • Dismiss All Warnings

  • Dismiss All Info

View All

Click View All to view the system notification events in the Log Activity tab. If you filtered the list of system notifications by using the Health, Errors, Warnings, or Information icons, the text on the View All icon changes to one of the following options:

  • View All Errors

  • View All Health

  • View All Warnings

  • View All Info

Dismiss

Click the Dismiss icon beside a system notification to close the system notification from your system.

  1. Log in to JSA.
  2. On the upper right corner of the user interface, click Messages.
  3. On the Messages window, view the system notification details.
  4. Optional. To refine the list of system notifications, click one of the following options:
    • Errors

    • Warnings

    • Information

  5. Optional. To close system notifications, choose one of the following options:

    Option

    Description

    Dismiss All

    Click to close all system notifications.

    Dismiss

    Click the Dismiss icon next to the system notification that you want to close.

  6. Optional. To view the system notification details, hover your mouse pointer over the system notification.

Sorting Results

You sort the results in tables by clicking a column heading. An arrow at the top of the column indicates the direction of the sort.

  1. Log in to JSA.
  2. Click the column header once to sort the table in descending order; twice to sort the table in ascending order.

Refreshing and Pausing the User Interface

You can manually refresh, pause, and play the data that is displayed on tabs.

  • Dashboard tab--The Dashboard tab automatically refreshes every 60 seconds. The timer, which is on the upper right corner of the interface, indicates the amount of time that remains until the tab is automatically refreshed.

    Click the title bar of any dashboard item to automatically pause the refresh time. The timer flashes red to indicate that the current display is paused.

  • Log Activity and Network Activity tabs--The Log Activity and Network Activity tabs automatically refresh every 60 seconds if you are viewing the tab in Last Interval (auto refresh) mode.

    When you view the Log Activity or Network Activity tab in Real Time (streaming) or Last Minute (auto refresh) mode, you can use the Pause icon to pause the current display.

  • Offenses tab--The Offenses tab must be refreshed manually. The timer, which is on the upper right corner of the interface, indicates the amount of time since the data was last refreshed. The timer flashes red when the timer is paused.

  1. Log in to JSA.
  2. Click the tab that you want to view.
  3. Choose one of the following options:

    Option

    Description

    Refresh

    Click Refresh, on the right corner of the tab, to refresh the tab.

    Pause

    Click to pause the display on the tab.

    Play

    Click to restart the timer after the timer is paused.

Investigating IP Addresses

You can use several methods to investigate information about IP addresses on the Dashboard, Log Activity, and Network Activity tabs.

  1. Log in to JSA.
  2. Click the tab that you want to view.
  3. Move your mouse pointer over an IP address to view the location of the IP address.
  4. Right-click the IP address or asset name and select one of the following options:

    Table 2: IP Addresses Information

    Option

    Description

    Navigate > View by Network

    Displays the networks that are associated with the selected IP address.

    Navigate > View Source Summary

    Displays the offenses that are associated with the selected source IP address.

    Navigate > View Destination Summary

    Displays the offenses that are associated with the selected destination IP address.

    Information > DNS Lookup

    Searches for DNS entries that are based on the IP address.

    Information > WHOIS Lookup

    Searches for the registered owner of a remote IP address. The default WHOIS server is whois.arin.net.

    Information > Port Scan

    Performs a Network Mapper (NMAP) scan of the selected IP address. This option is only available if NMAP is installed on your system. For more information about installing NMAP, see your vendor documentation.

    Information > Asset Profile

    Displays asset profile information.

    This option is displayed if JSA Vulnerability Manager is purchased and licensed. For more information, see the Juniper Secure Analytics Vulnerability Manager User Guide.

    This menu option is available if JSA acquired profile data either actively through a scan or passively through flow sources.

    This menu option is available if JSA acquired profile data actively through a scan.

    For information, see the Juniper Secure Analytics Administration Guide.

    Information > Search Events

    Searches for events that are associated with this IP address.

    Information > Search Flows

    Searches for flows that are associated with this IP address.

    Information > Search Connections

    Searches for connections that are associated with this IP address. This option is only displayed if you purchased JSA Risk Manager and connected JSA and the JSA Risk Manager appliance. For more information, see the Juniper Secure Analytics Risk Manager User Guide.

    Information > Switch Port Lookup

    Determines the switch port on a Cisco IOS device for this IP address. This option applies only to switches that are discovered by using the Discover Devices option on the Risks tab.

    Note: This menu option isn't available in Log Manager.

    Information > View Topology

    Displays the Risks tab, which depicts the layer 3 topology of your network. This option is available if you purchased JSA Risk Manager and connected JSA and the JSA Risk Manager appliance.

    Run Vulnerability Scan

    Select the Run Vulnerability Scan option to run a JSA Vulnerability Manager scan on this IP address. This option is only displayed when JSA Vulnerability Manager has been purchased and licensed. For more information, see the Juniper Secure Analytics Vulnerability Manager User Guide.

Investigate User Names

You can right-click a user name to access more menu options. Use these options to view more information about the user name or IP address.

You can investigate user names when JSA Vulnerability Manager is purchased and licensed. For more information, see the Juniper Secure Analytics Vulnerability Manager User Guide.

When you right-click a user name, you can choose the following menu options.

Table 3: Menu Options for User Name Investigation

Option

Description

View Assets

Displays current assets that are associated with the selected user name.

View User History

Displays all assets that are associated with the selected user name over the previous 24 hours.

View Events

Displays the events that are associated with the selected user name. For more information about the List of Events window, see Log Activity Investigation.

For more information about customizing the right-click menu, see the Juniper Secure Analytics Administration Guide for your product.

System Time

The right corner of the JSA user interface displays system time, which is the time on the console.

The console time synchronizes JSA systems within the JSA deployment. The console time is used to determine when events were received from other devices, so that time-synchronized correlation is correct.

In a distributed deployment, the console might be in a different time zone from your desktop computer.

When you apply time-based filters and searches on the Log Activity and Network Activity tabs, you must use the console system time to specify a time range.

When you apply time-based filters and searches on the Log Activity tab, you must use the console system time to specify a time range.
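The following added example is not part of the JSA documentation or product. It converts a time range that an analyst knows in desktop local time into the console wall-clock time to enter in a time-based filter. The function names, the time format, and the Berlin desktop and New York console are assumptions made for illustration.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

FMT = "%Y-%m-%d %H:%M"  # assumed input/output format, not a JSA format


def localize(text, tz_name):
    """Attach a zone to a wall-clock time; reject DST gaps and overlaps."""
    tz = ZoneInfo(tz_name)
    naive = datetime.strptime(text, FMT)
    first = naive.replace(tzinfo=tz, fold=0)
    second = naive.replace(tzinfo=tz, fold=1)
    if first.utcoffset() != second.utcoffset():
        # The clock either skipped this time or showed it twice.
        back = first.astimezone(timezone.utc).astimezone(tz)
        kind = "ambiguous" if back.replace(tzinfo=None) == naive else "nonexistent"
        raise ValueError(f"{text} is {kind} in {tz_name}; restate it in UTC")
    return first


def console_range(start_text, end_text, desktop_tz, console_tz):
    """Convert a desktop-local time range to console wall-clock time."""
    start = localize(start_text, desktop_tz).astimezone(timezone.utc)
    end = localize(end_text, desktop_tz).astimezone(timezone.utc)
    if end <= start:
        raise ValueError("end of range must be after start")
    console = ZoneInfo(console_tz)
    return (start.astimezone(console).strftime(FMT),
            end.astimezone(console).strftime(FMT))


if __name__ == "__main__":
    # Constructed scenario: analyst desktop in Berlin, console in New York.
    # The desktop-to-console offset is 6 hours in January but 5 hours on
    # 2024-03-20, because the two zones change to summer time on different dates.
    for day in ("2024-01-15", "2024-03-20"):
        print(day, console_range(f"{day} 09:00", f"{day} 09:30",
                                 "Europe/Berlin", "America/New_York"))
    try:
        localize("2024-10-27 02:30", "Europe/Berlin")
    except ValueError as err:
        print(err)
```
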

Updating User Preferences

You can set your user preferences, such as locale, in the main JSA user interface.

  1. To access your user information, click Preferences.
  2. Update your preferences.

    Option

    Description

    Username

    Displays your user name. You cannot edit this field.

    Password

    JSA user passwords are stored as a salted SHA-256 string.

    The password must meet the following criteria:

    • Minimum of 6 characters

    • Maximum of 255 characters

    • Contain at least 1 special character

    • Contain 1 uppercase character

    Password (Confirm)

    Password confirmation

    Email Address

    The email address must meet the following requirements:

    • Minimum of 10 characters

    • Maximum of 255 characters

    Locale

    JSA is available in the following languages: English, Simplified Chinese, Traditional Chinese, Japanese, Korean, French, German, Italian, Spanish, Russian, and Portuguese (Brazil).

    If you choose a different language, the user interface displays in English. Other associated cultural conventions, such as character type, collation, format of date and time, and currency unit, are used.

    Enable Popup Notifications

    Select this check box if you want to enable pop-up system notifications to be displayed on your user interface.

Access Online Help

You can access the JSA Online Help through the main JSA user interface.

To access the Online Help, click Help > Help Contents.

Resize Columns

You can resize the columns on several tabs in JSA.

Place the pointer of your mouse over the line that separates the columns and drag the edge of the column to the new location. You can also resize columns by double-clicking the line that separates the columns to automatically resize the column to the width of the largest field.

Note

Column resizing does not work in Microsoft Internet Explorer, Version 7.0 web browsers when tabs are displaying records in streaming mode.

Page Size

Users with administrative privileges can configure the maximum number of results that display in the tables on various tabs in JSA.