New Features and Enhancements in JSA 7.3.3

The following new features and enhancements make it easier for administrators to manage their JSA 7.3.3 deployment.

To view a list of all new features in this release, see the What’s New Guide.

Enhanced Parsing Support for Name Value Pair Events in the DSM Editor

In the DSM Editor, you can now easily parse both standard and custom properties from events in the Name Value Pair format without writing regular expressions (regex). When you enable Property autodiscovery for log source types that consume Name Value Pair events, all available fields are parsed as custom properties. With these new capabilities, administrators and users who have permission to create custom properties can quickly and easily parse these events.

Use the DSM Editor to create a custom log source type to handle Name Value Pair events in JSA. Add custom properties to help parse an existing log source type. Use simple Name Value Pair expressions instead of regex to define how to parse custom properties. The DSM Editor automatically provides expressions for system properties based on their predefined keys in the Name Value Pair specification.

Turn on Name Value Pair property autodiscovery to discover custom properties for all Name Value Pair fields in any events that are received for the log source type. You can also use Name Value Pair expressions in the Custom Event Property Editor and when you manually create log source extensions.

The following figure shows where you parse Name Value Pair events in the DSM Editor.

Figure 1: Name Value Pair Structured Data Type

To learn more about enhanced parsing support for Name Value Pair events, see the Juniper Secure Analytics Administration Guide.

Enhanced Parsing Support for Generic List Events

In the DSM Editor, you can now easily parse both standard and custom properties from events in the Generic List format without writing regular expressions (regex). When you enable Property autodiscovery for log source types that consume Generic List events, all available fields are parsed as custom properties. With these new capabilities, administrators and users who have permission to create custom properties can quickly and easily parse these events.

Use the DSM Editor to create a custom log source type to handle Generic List events in JSA. You can also add custom properties to help parse an existing log source type in the DSM Editor. Use simple Generic List expressions instead of regex to define how to parse custom properties. The DSM Editor automatically provides expressions for system properties based on their predefined keys in the Generic List specification.

Turn on Generic List property autodiscovery to discover custom properties for all Generic List fields in any events that are received for the log source type. You can also use Generic List expressions in the Custom Event Property Editor and when you manually create log source extensions.

The following figure shows where you parse Generic List events in the DSM Editor.

Figure 2: Generic List Structured Data Type

To learn more about enhanced parsing support for Generic List events, see the Juniper Secure Analytics Administration Guide.

Removing Reference Data when you Uninstall a Content Extension

When you uninstall a content extension in JSA 7.3.3, any reference data that was installed by the content extension is now removed or reverted to its previous state. Removing the reference data frees disk space on your system.

Previously, JSA removed applications, rules, custom properties, and saved searches, but did not remove the reference data, which might impact performance.

To learn more about enhanced parsing support for LEEF and CEF events, see the Juniper Secure Analytics Administration Guide.

Export Content Faster in the DSM Editor

JSA 7.3.3 makes it faster to export your custom content in the DSM Editor. Use the Export button to easily export your content from one JSA deployment to another, or to external media. Previously, you could export custom content only by using a content management tool script.

The following figure shows where you export content in the DSM Editor.

Figure 3: Exporting Content from the DSM Editor