
JSA

 

The JSA 7.3.0 family of products includes new search analytics, simplified migration of deployed hosts, reduced time to deployment, improved performance, a more secure platform, and more.

Improve Performance and Uptime in JSA

These features improve performance and uptime in JSA 7.3.0.

Reduced downtime when applying software fixes to High Availability Event Collectors

When you apply a software fix to a High Availability pair of Event Collectors, new clustering technology is used that reduces downtime. This clustering technology minimizes the impact to the data collection process.

Master Console and Deployment Editor removed

Although Master Console isn't installed with JSA 7.3.0, you can use Master Console V0.11.0 that was released with JSA 2014.8 to monitor a JSA 7.3.0 deployment.

For more information about installing Master Console, see the JSA Master Console Guide.

System and License Management, which doesn't rely on Java, replaces Deployment Editor.

For more information about managing your JSA deployment, see the System Management chapter in Juniper Secure Analytics Administration Guide.

Improve Workflow in JSA

These features improve workflow in JSA 7.3.0.

Easily distribute event and flow capacity across your deployment

Adapt to workload changes by allocating events per second (EPS) and flows per minute (FPM) to any host in your deployment, regardless of which host the license is allocated to.

The EPS and FPM from individual licenses are now aggregated into a shared license pool. As an administrator, you can use the new License Pool Management window to quickly see the cumulative EPS and FPM capacity across the deployment, and to determine the best way to allocate the EPS and FPM to the managed hosts.

For example, you have a JSA 2014.8 distributed deployment that has two event processors, one with 7,500 EPS and the other with 15,000 EPS. When you upgrade to JSA 7.3.0, each processor maintains the pre-upgrade EPS allocations, but the combined 22,500 EPS become part of the shared license pool. When the data volumes for the event processors change, or when you add a managed host, you can redistribute the EPS capacity.

For more information about managing the shared license pool, see the License Management chapter in the Juniper Secure Analytics Administration Guide.

New API endpoints

JSA 7.3.0 introduces many new categories of API endpoints and updates to existing endpoints in the following categories:

Analytics API endpoints: Custom rules

Configuration API endpoints: Hosts, License pool, Remote networks, Remote services

GUI App Framework endpoints: Named services

Staged configuration API endpoints: License pool, Remote networks, Remote services

Service endpoints: DNS lookups, DIG lookups, WHOIS lookups

For more information, see the Juniper Secure Analytics API Guide.

Strengthen Security in JSA

These features strengthen the security in JSA 7.3.0.

More secure operating system and flexible disk partitioning (LVM)

JSA runs on Red Hat Enterprise Linux version 7.3, which supports Logical Volume Manager (LVM) so that you can create and resize partitions and aggregate clusters of storage together.

For example, you have a JSA All-In-One on a Virtual Machine and you need more local disk space so that you can store the events for a longer period of time. You can add another disk to extend the /store partition.

Also, in Red Hat Enterprise Linux version 7.3, the service command is replaced with the systemctl command. Administrators who use scripts to manage their JSA deployments must review and update the scripts.

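For example, update scripts to replace the old command, service <service_name> start|stop|restart, with the new command, systemctl start|stop|restart <service_name>. Note that the argument order changes: systemctl takes the action first and the service name second.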
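The script review described above can be partly automated. The following is an added example, not part of the Juniper documentation: it rewrites the three actions named in the note and lists any remaining service calls for manual review. The function names and the service names in the sample input (exampled, example-collector) are hypothetical.

```shell
#!/bin/sh
# Added example: migrate "service <name> start|stop|restart" to
# "systemctl start|stop|restart <name>" in administration scripts.

# Characters that may precede or follow a command inside a script line.
SEP='[;&|()[:space:]]'
NAME='[A-Za-z0-9_.@-]+'

# rewrite_service_calls: script text on stdin, migrated text on stdout.
# Only start, stop and restart are converted; other actions are left as-is.
rewrite_service_calls() {
    sed -E "s#(^|$SEP)(/sbin/|/usr/sbin/)?service[[:space:]]+($NAME)[[:space:]]+(start|stop|restart)(\$|$SEP)#\1systemctl \4 \3\5#g"
}

# list_remaining: print "lineno:text" for lines that still invoke service,
# so that an administrator can review them by hand. Comment lines that
# happen to contain "service <word>" are reported too.
list_remaining() {
    grep -nE "(^|$SEP)(/sbin/|/usr/sbin/)?service[[:space:]]+$NAME" || true
}

# Constructed sample input (not taken from a real JSA deployment).
sample_script() {
    cat <<'EOF'
#!/bin/sh
service exampled restart
/sbin/service example-collector stop && echo stopped
service exampled status
EOF
}

# Show the migrated script, then the lines that still need review.
sample_script | rewrite_service_calls
sample_script | rewrite_service_calls | list_remaining
```

Run the rewrite against a copy of each script and compare the result with the original before you replace it.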

For more information about using the systemctl command, see the Red Hat Enterprise Linux version 7 documentation.

Protect your JSA instance with strong passwords

When you enable the policy, system authentication passwords must contain a minimum number of characters and optionally must also contain at least 3 of the following attributes: uppercase characters, lowercase characters, special characters, numbers. Users are prompted to change their password if they log in with a password that does not meet the requirements.

The password policy settings apply to administrative and non-administrative user passwords that are managed by JSA (system authentication). These settings do not apply to passwords that are managed by another authentication provider (external authentication) or root passwords.

For more information about configuring system authentication, see the User Management chapter in the Juniper Secure Analytics Administration Guide.

Security Technical Information Guide (STIG)

Secure your JSA installations at the level of security that is required by computer systems that operate in US Department of Defense (DoD) computer networks. Enhance overall security in JSA by following the instructions in the Security Technical Information Guide (STIG) to help ensure compliance.

Improve User Experience in JSA

These features improve the user experience in JSA 7.3.0.

Log source limits are removed

Improvements to the licensing model in JSA 7.3.0 now make it easier for you to manage log sources. Log source limits are removed and you no longer need to purchase licenses for log sources.

When you upgrade to JSA 7.3.0, the previous log source limits are removed.

For more information about JSA licenses, see the License Management chapter in the Juniper Secure Analytics Administration Guide.

Tenant users can create custom properties

Tenant users can create custom properties to extract or calculate important information from the event or flow payload without assistance from a Managed Security Service Provider (MSSP) administrator. With this capability, tenant users can view and search on data that JSA does not typically normalize and display.

As an MSSP administrator, you have write permissions to all custom properties that are created by tenant users. To improve search performance, you can optimize a tenant's custom properties when the properties are used frequently in rules and reports. Tenant users cannot optimize properties that they create.

For information about working with custom event and flow properties, see the Juniper Secure Analytics User Guide.

Tenant users can create reference data collections

In JSA 2014.8, tenant users can view reference data that is created by their MSSP Administrator. Now, in 7.3.0, tenant users who have the Delegated Administration > Manage Reference Data user role can create and manage their own reference data collections, without assistance from an MSSP Administrator.

With this capability, tenant users can track business data or data from external sources, and they can refer to the data in JSA searches, filters, rule test conditions, and rule responses. For example, a reference set that contains the user IDs of terminated employees can be used to prevent employees from logging in to the network.

For more information about working with reference data collections, see the Juniper Secure Analytics Administration Guide.

Ariel Query Language (AQL)

JSA 7.3.0 introduces new AQL functions and enhancements.

Group related events for better visibility into network and user activities

Use new AQL transactional sessions to easily track network and user activity.

You can group events that are contextually related into your own unique sessions by using AQL transactional sequences. These sessions show you event sequences and the subsequent outcomes. For example, you can see how long someone is logged in, or whether any unauthorized login attempts were made.

For more information, see the Juniper Secure Analytics Ariel Query Language Guide.

Separate network addresses from host addresses to enhance the filtering capability of your search

Use bitwise operators for AQL to mask IP addresses and to refine the IP address search criteria.

You can return all IP addresses for specific network segments, or devices with specific IP addresses. You can filter your search on any or all of the four octets of an IP address. For example, you can use the bitwise AND operator to search for all IP addresses that match xxx.100.xxx.xxx to look at a specific set of IP addresses. You can use the LONG function to convert your IP addresses into long integers, which can be used in bitwise operations.
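The arithmetic behind such a filter, as an added example that is not part of the Juniper documentation: it is a shell model of the mask-and-compare step, not AQL, and the function names are hypothetical. It assumes that the long integer for an address is the usual 32-bit value with the first octet in the most significant byte.

```shell
#!/bin/sh
# Added example: derive the mask and comparison value for an octet pattern
# such as xxx.100.xxx.xxx, then test addresses with a bitwise AND.

# ip_to_long: dotted-quad IPv4 address -> 32-bit integer.
ip_to_long() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# pattern_to_filter: "xxx" octets are wildcards (mask byte 0x00); fixed
# octets get mask byte 0xFF. Prints "<mask> <value>" in hexadecimal.
pattern_to_filter() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    mask=0; value=0
    for octet in "$@"; do
        mask=$(( mask << 8 )); value=$(( value << 8 ))
        if [ "$octet" != "xxx" ]; then
            mask=$(( mask | 255 )); value=$(( value | $octet ))
        fi
    done
    printf '0x%08X 0x%08X\n' "$mask" "$value"
}

# ip_matches PATTERN IP: succeeds when (long(IP) AND mask) equals value.
ip_matches() {
    filter=$(pattern_to_filter "$1") || return 2
    mask=${filter% *}; value=${filter#* }
    [ $(( $(ip_to_long "$2") & $mask )) -eq $(( $value )) ]
}

# filter_ips PATTERN: read addresses on stdin, print the ones that match.
filter_ips() {
    while read -r ip; do
        if ip_matches "$1" "$ip"; then echo "$ip"; fi
    done
}

# Constructed sample addresses; only the second octet is compared.
printf '%s\n' 10.100.3.7 192.168.100.1 172.100.0.9 10.1.100.100 |
    filter_ips xxx.100.xxx.xxx
```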

For more information, see the Juniper Secure Analytics Ariel Query Language Guide.