Use the Domain Management window to create domains based on JSA input sources.
Use the following guidelines when you create domains:
Everything that is not assigned to a user-defined domain is automatically assigned to the default domain. Users who have limited domain access should not have administrative privileges, because administrative privileges grant unlimited access to all domains.
You can map the same custom property to two different domains; however, the capture result must be different for each one.
You cannot assign a log source, log source group, or event collector to two different domains. When a log source group is assigned to a domain, each of the mapped attributes is visible in the Domain Management window.
Security profiles must be updated with an associated domain. Domain-level restrictions are not applied until the security profiles are updated and the changes are deployed.
- On the navigation menu, click Admin.
- In the System Configuration section, click Domain Management.
- To add a domain, click Add and type a unique name and description for the domain.
You can check for unique names by typing the name in the Input domain name search box.
- Depending on the domain criteria to be defined, click the appropriate tab.
To define the domain based on a custom property, log source group, log source, or event collector, click the Events tab.
To define the domain based on a flow source or flow processor, click the Flows tab.
To define the domain based on a scanner, including JSA Vulnerability Manager scanners, click the Scanners tab.
- To assign a custom property to a domain, in the Capture Result box, type the text that matches the result of the regular expression (regex) filter.
You must select the Optimize parsing for rules, reports, and searches check box in the Custom Event Properties window to parse and store the custom event property. Domain segmentation will not occur if this option is not checked.
- From the list, select the domain criteria and click Add.
- After you add the source items to the domain, click Create.
Create security profiles to define which users have access to the domains. After you create the first domain in your environment, you must update the security profiles for all non-administrative users to specify the domain assignment. In domain-aware environments, non-administrative users whose security profile does not specify a domain assignment will not see any log activity or network activity.
Review the hierarchy configuration for your network, and assign existing IP addresses to the proper domains. For more information, see Network Hierarchy.
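The guidelines above can be checked against a planned layout before it is entered in the Domain Management window. The following is an added example, not JSA code or a JSA API: the plan structure, the rule names, and the sample tenants, sources, and users are all constructed for illustration.

```python
from collections import defaultdict

def check_domain_plan(domains, profiles, inventory):
    """Return sorted (rule, subject, detail) findings for a planned layout."""
    src_owner, cap_owner = defaultdict(set), defaultdict(set)
    for domain, spec in domains.items():
        for src in spec.get("sources", []):
            src_owner[src].add(domain)
        for prop in spec.get("properties", []):
            cap_owner[prop].add(domain)
    findings = []
    # A log source, log source group, or event collector belongs to one domain only.
    for src, owned_by in src_owner.items():
        if len(owned_by) > 1:
            findings.append(("source-in-two-domains", src[1], sorted(owned_by)))
    # One custom property may serve two domains only with different capture results.
    for (prop, result), owned_by in cap_owner.items():
        if len(owned_by) > 1:
            findings.append(("same-capture-result", f"{prop}={result}", sorted(owned_by)))
    # Anything not assigned to a user-defined domain lands in the default domain.
    for src in inventory:
        if src not in src_owner:
            findings.append(("falls-to-default-domain", src[1], []))
    for user, profile in profiles.items():
        if profile["admin"] and profile["domains"]:
            # Administrative privileges override the intended domain restriction.
            findings.append(("admin-with-limited-domains", user, profile["domains"]))
        elif not profile["admin"] and not profile["domains"]:
            # This user would see no log activity or network activity.
            findings.append(("non-admin-without-domain", user, []))
    return sorted(findings)

# Constructed sample plan (hypothetical names throughout).
PLAN = {
    "TenantA": {"sources": [("log source", "fw-a"), ("event collector", "ec-1")],
                "properties": [("TenantTag", "alpha")]},
    "TenantB": {"sources": [("log source", "fw-b"), ("event collector", "ec-1")],
                "properties": [("TenantTag", "alpha")]},
}
PROFILES = {
    "alice": {"admin": False, "domains": ["TenantA"]},
    "bob": {"admin": False, "domains": []},
    "carol": {"admin": True, "domains": ["TenantB"]},
}
INVENTORY = [("log source", "fw-a"), ("log source", "fw-b"),
             ("event collector", "ec-1"), ("log source", "vpn-1")]

if __name__ == "__main__":
    for finding in check_domain_plan(PLAN, PROFILES, INVENTORY):
        print(finding)
```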