Available JSA Capabilities After Migration
After you migrate Log Manager to JSA, a number of security intelligence capabilities are available.
The following table describes some of the added capabilities:
Table 1: JSA Features
Network Activity Tab
View and manage network activity on your network.
View and manage offenses, which are alerts that notify you of suspicious network or log activity. Use rule tests and responses for testing both network and log activity.
View and manage assets and vulnerabilities on your network.
Enhanced Reports Tab
Use more report types, including Asset Vulnerabilities, Flows, Top Source IP addresses, Top Destination IP addresses, and Top Offenses.
Enhanced Dashboard Tab
Manage multiple dashboard views, and add new dashboard items that are related to offenses, sources, and destinations.
The Internet Threat Information Center dashboard item is not automatically added to your system when you migrate Log Manager to JSA.
Adding the Internet Threat Information Center Dashboard Item
The Internet Threat Information Center dashboard item is an embedded RSS feed that provides you with up-to-date advisories on security issues, daily threat assessments, security news, and threat repositories.
- Use SSH to log in to JSA as the root user.
- Restart the JSA web service by typing the
service tomcat restart
- Log in to JSA.
- Click Dashboard >Show Dashboard >Threat and Security Monitoring to verify that the Internet Threat Information Center dashboard item appears.