Topology Graph Searches
Use the topology search feature to view and investigate various elements of your network infrastructure.
Topology searches appear in a tabbed view, and each topology search opens its own tab. The topology search results are cached for improved topology retrieval, resulting in faster processing time. The searches remain running in the background, so you can use other features of JSA Risk Manager.
You can use the search feature to filter your topology view, and zone in on network paths, hosts, subnets, and other network elements. You can refine your search down to the port or protocol level; for example, you can search for potential attack paths on allowed protocols or ports.
You can search events by right-clicking devices and subnets, or search flows by right-clicking subnets.
Click Actions to access the Search menu. Enter your search criteria in the Search Criteria pane. The following are some of the search options that you can use:
If you search for a host, all devices that communicate with that host are displayed. If the host does not match an interface on a device, but is included in the subnet, then that subnet and all connected devices are displayed.
Search for a single CIDR, for example, 10.3.51.200/24.
If you're searching for multiple CIDRs, ensure that the CIDRs are valid and are separated by a comma, for example, 10.51.0.0/24,10.51.01/24.
A path search displays the traffic direction, fully or partially allowed protocols, and device rules. A path summary is displayed if you select any path search criteria other than the mandatory source and destination IP addresses.
Refine your path search by searching for applications, vulnerabilities, and users/groups.
NAT Indicators in Search Results
A NAT indicator, which is a solid green dot, is displayed in the topology graph if your search finds a path that contains source or destination translations.
A NAT indicator means that the destination IP address that was specified in the path filter might not be the final destination. Hover over the indicator to view the following information about the translations:
Table 1: Information Available from the NAT Indicator
The translated source IP or CIDR.
The translated source ports, if applicable.
The result of the translation that was applied to the source.
Translated Source Port(s)
The result of the translation that was applied to the source port(s), if applicable.
The translated destination IP or CIDR.
The translated destination ports, if applicable.
The result of the translation that was applied to the destination.
Translated Destination Port(s)
The result of the translation that was applied to the destination port(s), if applicable.
The routing phase when the translation was applied. Translations are applied either pre- or post-routing.
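The following added illustration (not JSA Risk Manager code) shows why a destination given in a path filter may not be the final destination: it applies pre-routing and then post-routing translations at each device on a path and records the original value, the translated value, and the phase for each translation. The rule model, device names, and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PHASES = ("pre-routing", "post-routing")  # order in which a device applies NAT

@dataclass(frozen=True)
class NatRule:                     # hypothetical rule model for this example
    device: str
    phase: str                     # one of PHASES
    field: str                     # "source" or "destination"
    match: str                     # IP or CIDR the rule applies to
    to_ip: str                     # translated address
    match_port: Optional[int] = None
    to_port: Optional[int] = None

def trace_path(flow, path, rules):
    """Apply NAT rules hop by hop.
    flow = {"source": (ip, port), "destination": (ip, port)}.
    Returns (final_flow, hits); each hit records one translation."""
    flow = dict(flow)              # do not modify the caller's flow
    hits = []
    for device in path:
        for phase in PHASES:
            for r in rules:
                if (r.device, r.phase) != (device, phase):
                    continue
                ip, port = flow[r.field]
                net = ipaddress.ip_network(r.match, strict=False)
                if ipaddress.ip_address(ip) not in net:
                    continue
                if r.match_port not in (None, port):
                    continue
                new = (r.to_ip, r.to_port if r.to_port is not None else port)
                hits.append({"device": device, "phase": phase, "field": r.field,
                             "original": (ip, port), "translated": new})
                flow[r.field] = new
    return flow, hits

# Constructed sample: the edge device publishes 203.0.113.10:443 to an internal
# host, and the core device hides the client address behind its own interface.
RULES = [
    NatRule("fw-edge", "pre-routing", "destination", "203.0.113.10/32", "10.3.51.20", 443, 8443),
    NatRule("fw-core", "post-routing", "source", "198.51.100.0/24", "10.3.50.1"),
]
FLOW = {"source": ("198.51.100.7", 51000), "destination": ("203.0.113.10", 443)}

def demo():
    return trace_path(FLOW, ["fw-edge", "fw-core"], RULES)
```

Calling demo() returns the flow as it arrives after both devices, plus one record per translation; access rules that reference only the pre-translation address would not describe the host that actually receives the traffic.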