JSA automatically discovers and classifies servers in your network, which speeds up initial deployment and makes tuning easier when the network changes.
Server discovery uses the asset profile database to discover several types of servers in your network. You can select the servers that you want to include in your building blocks.
For more information about server discovery, see the Juniper Secure Analytics Administration Guide.
To discover servers, JSA must receive vulnerability assessment (VA) scanner data or flow traffic. Server discovery uses this data to configure port mappings in the asset profile. For more information, see the Juniper Secure Analytics Managing Vulnerability Assessment Guide.
JSA uses building blocks to tune the system and allow more correlation rules to be enabled. This reduces the number of false positives that are detected by JSA, and helps you to identify business critical assets.
Administrators must determine which servers to discover:
- Authorized servers: You can add authorized infrastructure servers to a selected building block. JSA monitors these servers while it suppresses false positives that are specific to the server category.
- Multiple building blocks: Servers might be in multiple categories. You must enable JSA to place these servers in multiple building blocks. For example, Active Directory domain controllers might be identified as both Microsoft Windows and DNS servers.
- Identify authorized servers: After you review the server discovery list, you might not be familiar with all the servers in the list. These servers might be in another business unit or operate within a testing or staging environment. If you identify these servers as authorized, then add them to the building block.
- Categorize servers: You can enable JSA to categorize unauthorized servers or servers that run unauthorized services into a related building block. If you find that categorizing servers results in generating an excessive number of offenses, then use server discovery to place the servers in a building block.
Server discovery uses the JSA asset profile database to discover different server types that are based on the port definitions. Use Server Discovery to select the servers to add to a server type building block.
- Click the Assets tab.
- On the navigation menu, click Server Discovery.
- From the Server Type list, select the server type that you want to discover. The default is Database Servers.
- Select one of the following options to determine the servers that you want to discover:
  - All: Search all servers in your deployment with the currently selected server type.
  - Assigned: Search servers in your deployment that were assigned to the currently selected server type.
  - Unassigned: Search servers in your deployment that have no previous assignment.
- From the Network list, select the network that you want to search.
- Click Discover Servers.
- Click Approve Selected Servers.
- In the Matching Servers table, select the check box or boxes of all the servers you want to assign to the server role.
If you want to modify the search criteria, click either Edit Ports or Edit Definition.
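The following Python sketch is an added example, not JSA code: it models how port definitions applied to asset profile data can place one host in several server types, and how the All, Assigned, and Unassigned options narrow the result. The port lists, IP addresses, function names, the "any listed port matches" rule, and the reading of Unassigned as "not assigned to any server type" are assumptions made for illustration.

```python
# Simplified model of port-based server discovery (illustrative, not JSA code).
# Port definitions per server type: well-known ports chosen for this example,
# not the definitions that ship with JSA.
PORT_DEFINITIONS = {
    "Database Servers": {1433, 1521, 3306, 5432},
    "DNS Servers": {53},
    "Windows Servers": {135, 139, 445},
}

# Constructed asset profiles: IP -> open ports learned from VA scans or flows.
ASSET_PORTS = {
    "10.0.0.10": {53, 88, 135, 389, 445},  # domain controller
    "10.0.0.20": {22, 5432},               # database host
    "10.0.0.30": {22, 53},                 # DNS resolver
    "10.0.0.40": {22, 443},                # matches no definition
}

# Servers already approved into a server type (constructed starting state).
ASSIGNED = {"DNS Servers": {"10.0.0.30"}}


def discover(server_type, scope="All", assets=ASSET_PORTS, assigned=ASSIGNED):
    """Return sorted IPs whose open ports intersect the type's port definition.

    scope mirrors the options in the procedure: All, Assigned, Unassigned.
    Assumption: Unassigned means the server is assigned to no server type.
    """
    ports = PORT_DEFINITIONS[server_type]
    matches = {ip for ip, open_ports in assets.items() if open_ports & ports}
    if scope == "Assigned":
        matches &= assigned.get(server_type, set())
    elif scope == "Unassigned":
        matches -= set().union(*assigned.values())
    elif scope != "All":
        raise ValueError(f"unknown scope: {scope}")
    return sorted(matches)


def approve(server_type, selected, assigned=ASSIGNED):
    """Model of approving selected servers: record them under the server type."""
    assigned.setdefault(server_type, set()).update(selected)


if __name__ == "__main__":
    for server_type in PORT_DEFINITIONS:
        print(server_type, discover(server_type))
```

In this model the domain controller at 10.0.0.10 matches both the Windows and DNS definitions, which is the multiple building block case described earlier.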
For more information about discovering servers, see the Juniper Secure Analytics Administration Guide.