Searching Device Rules
In JSA Risk Manager, you can search for rules that changed on the devices in your topology. You can also discover rule changes that occur between device configuration backups.
The results that are returned for a rule search are based on the configuration source management backup of your device. To ensure that rule searches provide up-to-date information, you can schedule device backups on your firewall policy update page.
- Click the Risks tab.
- In the navigation pane, click Configuration Monitor.
- Double-click a device from the Configuration Monitor page.
- On the Rules pane toolbar, click Search > New Search.
- In the Search Criteria area, click a time range.
- To search your device rules, choose from the following options:
  - To search for Shadowed, Deleted or Other rules, click a status option. By default all status options are enabled. To search for shadow rules only, clear the Deleted and Other options.
  - To search for an access control list (ACL), type in the List field.
  - To search on the order number of the rule entry, type a numeric value in the Entry field.
  - To search for a source or destination, type an IP address, CIDR address, host name, or object group reference.
  - To search for ports or object group references, type in the Service field. The service can include port ranges, such as 100-200, or port expressions, such as 80(TCP). If the port is negated, the port information also includes an exclamation mark and might be surrounded by parentheses, for example, !(100-200) or !80(TCP).
  - To search for vulnerability rule information as defined by the IPS device, type in the Signature field.
  - To search for applications by adapter, click Select Applications, then type an adapter or application name.
- Click Search.
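
The Service field forms described above (100-200, 80(TCP), !(100-200), !80(TCP)) can be checked before you type them into a search or when you review exported rule text. The following is an added example, not JSA code: the grammar is inferred only from those four examples, the names `ServiceExpr` and `parse_service` are hypothetical, object group references are not handled, and the meaning given to negation is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Grammar inferred from the page's examples only (an assumption, not JSA's parser).
_SERVICE_RE = re.compile(
    r"""^(?P<neg>!)?                    # optional negation mark
        (?P<paren>\()?                  # optional "(" around a negated value
        (?P<lo>\d{1,5})                 # single port, or start of a range
        (?:-(?P<hi>\d{1,5}))?           # optional end of range
        (?:\((?P<proto>[A-Za-z]+)\))?   # optional protocol, e.g. (TCP)
        (?(paren)\))$                   # ")" required only if "(" was opened
    """,
    re.VERBOSE,
)

@dataclass(frozen=True)
class ServiceExpr:
    low: int
    high: int
    protocol: Optional[str]  # None means no protocol was given
    negated: bool

    def matches(self, port: int, protocol: str) -> bool:
        # Assumption: negation inverts the whole port/protocol match.
        hit = self.low <= port <= self.high and (
            self.protocol is None or self.protocol == protocol.upper()
        )
        return hit != self.negated

def parse_service(text: str) -> ServiceExpr:
    """Parse one port-style Service value; raise ValueError if malformed."""
    m = _SERVICE_RE.match(text.strip())
    # Per the page, parentheses surround the value only when it is negated.
    if m is None or (m["paren"] and not m["neg"]):
        raise ValueError(f"unrecognised service expression: {text!r}")
    low = int(m["lo"])
    high = int(m["hi"]) if m["hi"] else low
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"invalid port range in {text!r}")
    proto = m["proto"].upper() if m["proto"] else None
    return ServiceExpr(low, high, proto, bool(m["neg"]))
```
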