Security Profiles

Security profiles define which networks, log sources, and domains a user can access.

JSA includes one default security profile for administrative users. The Admin security profile includes access to all networks, log sources, and domains.

Before you add user accounts, you must create more security profiles to meet the specific access requirements of your users.

Domains

Security profiles must be updated with an associated domain. You must define domains on the Domain Management window before the Domains tab is shown on the Security Profile Management window. Domain-level restrictions are not applied until the security profiles are updated, and the changes are deployed.

Domain assignments take precedence over all settings on the Permission Precedence, Networks, and Log Sources tabs.

If the domain is assigned to a tenant, the tenant name appears in brackets beside the domain name in the Assigned Domains window.

Permission Precedence

Permission precedence determines which security profile components to consider when the system displays events in the Log Activity tab and flows in the Network Activity tab.

Choose from the following restrictions when you create a security profile:

  • No Restrictions - This option does not place restrictions on which events are displayed in the Log Activity tab, and which flows are displayed in the Network Activity tab.

  • Network Only - This option restricts the user to view only events and flows that are associated with the networks that are specified in this security profile.

  • Log Sources Only - This option restricts the user to view only events that are associated with the log sources that are specified in this security profile.

  • Networks AND Log Sources - This option allows the user to view only events and flows that are associated with the log sources and networks that are specified in this security profile.

    For example, if the security profile allows access to events from a log source but the destination network is restricted, the event is not displayed in the Log Activity tab. The event must match both requirements.

  • Networks OR Log Sources - This option allows the user to view events and flows that are associated with either the log sources or networks that are specified in this security profile.

For example, if a security profile allows access to events from a log source but the destination network is restricted, the event is displayed on the Log Activity tab if the permission precedence is set to Networks OR Log Sources. If the permission precedence is set to Networks AND Log Sources, the event is not displayed on the Log Activity tab.
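The following added example (a model written for this page, not JSA code) evaluates the five permission precedence options against the same assigned network and log source, so you can see which events each setting exposes before you deploy a profile. The event fields, the sample names and addresses, and the rule that an event belongs to a network when its destination IP is inside an assigned CIDR range are assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Event = namedtuple("Event", "name log_source destination_ip")

def precedence_table(net_ok, src_ok):
    # Option names as shown on the Permission Precedence tab.
    return {
        "No Restrictions": True,
        "Network Only": net_ok,
        "Log Sources Only": src_ok,
        "Networks AND Log Sources": net_ok and src_ok,
        "Networks OR Log Sources": net_ok or src_ok,
    }

def event_visible(precedence, networks, log_sources, event):
    # Assumption: an event is "associated with" a network when its
    # destination IP falls inside one of the assigned CIDR ranges.
    ip = ipaddress.ip_address(event.destination_ip)
    net_ok = any(ip in ipaddress.ip_network(c) for c in networks)
    src_ok = event.log_source in log_sources
    table = precedence_table(net_ok, src_ok)
    if precedence not in table:
        raise ValueError(f"unknown permission precedence: {precedence!r}")
    return table[precedence]

def visibility_by_precedence(networks, log_sources, events):
    # Names of the events a user would see under each option.
    return {
        p: [e.name for e in events if event_visible(p, networks, log_sources, e)]
        for p in precedence_table(False, False)
    }

# Constructed sample data: one assigned network, one assigned log source.
NETWORKS = ["10.10.0.0/16"]
LOG_SOURCES = {"fw-dmz-01"}
EVENTS = [
    Event("both-match", "fw-dmz-01", "10.10.5.20"),
    Event("log-source-only", "fw-dmz-01", "192.168.50.7"),  # the page's case
    Event("network-only", "ids-core-02", "10.10.9.1"),
    Event("neither", "ids-core-02", "172.16.1.1"),
]

if __name__ == "__main__":
    result = visibility_by_precedence(NETWORKS, LOG_SOURCES, EVENTS)
    for option, names in result.items():
        print(f"{option:26} {names}")
```

The "log-source-only" event is the case described above: it is hidden under Networks AND Log Sources and shown under Networks OR Log Sources.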

Permission Precedence for Offense Data

Security profiles automatically use the Networks OR Log Sources permission when offense data is shown. For example, if an offense has a destination IP address that your security profile permits you to see, but the security profile does not grant permissions to the source IP address, the Offense Summary window shows both the destination and source IP addresses.

Creating a Security Profile

To add user accounts, you must first create security profiles to meet the specific access requirements of your users.

JSA includes one default security profile for administrative users. The Admin security profile includes access to all networks, log sources, and domains.

To select multiple items on the Security Profile Management window, hold the Control key while you select each network or network group that you want to add.

If you add networks, log sources, or domains and then want to remove one or more of them before you save the configuration, select the item and click the Remove (<) icon. To remove all items, click Remove All.

  1. On the navigation menu, click Admin.
  2. On the navigation menu, click System Configuration > User Management.
  3. Click the Security Profiles icon.
  4. On the Security Profile Management window toolbar, click New.
  5. Configure the following parameters:
    1. In the Security Profile Name field, type a unique name for the security profile. The security profile name must meet the following requirements: minimum of 3 characters and maximum of 30 characters.

    2. Optional: Type a description of the security profile. The maximum number of characters is 255.

  6. Click the Permission Precedence tab.
  7. In the Permission Precedence Setting pane, select a permission precedence option. See Permission Precedence.
  8. Configure the networks that you want to assign to the security profile:
    1. Click the Networks tab.

    2. From the navigation tree in the left pane of the Networks tab, select the network that you want this security profile to have access to.

    3. Click the Add (>) icon to add the network to the Assigned Networks pane.

    4. Repeat for each network you want to add.

  9. Configure the log sources that you want to assign to the security profile:
    1. Click the Log Sources tab.

    2. From the navigation tree in the left pane, select the log source group or log source you want this security profile to have access to.

    3. Click the Add (>) icon to add the log source to the Assigned Log Sources pane.

    4. Repeat for each log source you want to add.

  10. Configure the domains that you want to assign to the security profile:
    1. Click the Domains tab.

    2. From the navigation tree in the left pane, select the domain that you want this security profile to have access to.

    3. Click the Add (>) icon to add the domain to the Assigned Domains pane.

    4. Repeat for each domain that you want to add.

  11. Click Save.

    Note: The log sources and domains that are assigned to the security profile must match. You cannot save the security profile if the log sources and domains do not match.

  12. Close the Security Profile Management window.
  13. On the Admin tab menu, click Deploy Changes.

Editing a Security Profile

You can edit an existing security profile to update which networks and log sources a user can access and the permission precedence.

To quickly locate the security profile you want to edit on the Security Profile Management window, type the security profile name in the Type to filter text box. It is located above the left pane.

  1. On the navigation menu, click Admin.
  2. On the navigation menu, click System Configuration > User Management.
  3. Click the Security Profiles icon.
  4. In the left pane, select the security profile you want to edit.
  5. On the toolbar, click Edit.
  6. Update the parameters as required.
  7. Click Save.
  8. If the Security Profile Has Time Series Data window opens, select one of the following options:

    • Keep Old Data and Save - Select this option to keep previously accumulated time series data. If you choose this option, users with this security profile might see previous data that they no longer have permission to see when they view time series charts.

    • Hide Old Data and Save - Select this option to hide the time series data. If you choose this option, time series data accumulation restarts after you deploy your configuration changes.

  9. Close the Security Profile Management window.
  10. On the Admin tab menu, click Deploy Changes.

Duplicating a Security Profile

If you want to create a new security profile that closely matches an existing security profile, you can duplicate the existing security profile and then modify the parameters.

To quickly locate the security profile you want to duplicate on the Security Profile Management window, you can type the security profile name in the Type to filter text box, which is located above the left pane.

  1. On the navigation menu, click Admin.
  2. On the navigation menu, click System Configuration > User Management.
  3. Click the Security Profiles icon.
  4. In the left pane, select the security profile you want to duplicate.
  5. On the toolbar, click Duplicate.
  6. In the Confirmation window, type a unique name for the duplicated security profile.
  7. Click OK.
  8. Update the parameters as required.
  9. Close the Security Profile Management window.
  10. On the Admin tab menu, click Deploy Changes.

Deleting a Security Profile

If a security profile is no longer required, you can delete the security profile.

If user accounts are assigned to the security profiles you want to delete, you must reassign the user accounts to another security profile. JSA automatically detects this condition and prompts you to update the user accounts.

To quickly locate the security profile you want to delete on the Security Profile Management window, you can type the security profile name in the Type to filter text box. It is located above the left pane.

  1. On the navigation menu, click Admin.
  2. On the navigation menu, click System Configuration > User Management.
  3. Click the Security Profiles icon.
  4. In the left pane, select the security profile that you want to delete.
  5. On the toolbar, click Delete.
  6. Click OK.
  7. Reassign the listed user accounts to another security profile:
    1. From the User Security Profile to assign list box, select a security profile.

    2. Click Confirm.

  8. Close the Security Profile Management window.
  9. On the Admin tab menu, click Deploy Changes.