Getting Started in JSA
To get started in JSA, learn about investigating offenses, creating reports, and searching events, flows, and assets.
For example, you can search information by using default saved searches in the Log Activity and Network Activity tabs. You can also create and save your own custom searches.
Administrators can perform the following tasks:
Search event data by using specific criteria and display events that match the search criteria in a results list. Select, organize, and group the columns of event data.
Visually monitor and investigate flow data in real time, or perform advanced searches to filter the displayed flows. View flow information to determine how and what network traffic is communicated.
View all the learned assets or search for specific assets in your environment.
Investigate offenses, source and destination IP addresses, and network behaviors.
Edit, create, schedule, and distribute default or custom reports.