Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Use Case: Device Configuration Audit

 

You can use the configuration information for network devices, which is captured by JSA Risk Manager, for audit compliance and to schedule configuration backups.

Configuration backups provide a centralized and automatic method of recording device changes for your audit compliance. Configuration backups archive configuration changes and provide a historical reference; you can capture a historical record or compare a configuration against another network device.

Configuration auditing in JSA Risk Manager provides you with the following options:

  • A historical record of your network device configurations.

  • A normalized view, which displays device changes when you compare configurations.

  • A tool to search for rules on your device.

The configuration information for your devices is collected from device backups in Configuration Source Management. Each time JSA Risk Manager backs up your device list, it archives a copy of your device configuration to provide a historical reference. The more often you schedule Configuration Source Management, the more configuration records you have for comparison and for historical reference.

Viewing Device Configuration History

You can view the configuration history of a network device.

You can view history information for network devices that were backed up. This information is accessible from the History pane on the Configuration Monitor page. The history pane provides information about a network device configuration and the date that the device configuration was last backed up using Configuration Source Management.

The configuration displays the type of files that are stored for your network device in JSA Risk Manager. The common configuration types are:

  • Standard-Element-Document (SED), which are XML data files that contain information about your network device. Individual SED files are viewed in their raw XML format. If an SED is compared to another SED file, then the view is normalized to display the rule differences.

  • Config, which are configuration files that are provided by certain network devices. These files depend on the device manufacturer. A configuration file can be viewed by double-clicking the configuration file.

Note

Depending on your device, several other configuration files might be displayed. Double-clicking these files displays the contents in plain text. The plain text view supports the find (Ctrl +f), paste (Ctrl+v), and copy (Ctrl+C) functions from the web browser window.

  1. Click the Risks tab.
  2. On the navigation menu, click Configuration Monitor.
  3. Double-click a configuration to view the detailed device information.
  4. Click History.
  5. On the History pane, select a configuration.
  6. Click View Selected.

Comparing Device Configurations for a Single Device

You can compare device configurations for a single device.

If the files that you compare are Standard-Element-Documents (SEDs), then you can view the rule differences between the configuration files.

When you compare normalized configurations, the color of the text indicates the following rules:

  • Green dotted outline indicates a rule or configuration that was added to the device.

  • Red dashed outline indicates a rule or configuration that was deleted from the device.

  • Yellow solid outline indicates a rule or configuration that was modified on the device.

  1. Click the Risks tab.
  2. On the navigation menu, click Configuration Monitor.
  3. Double-click any device to view the detailed configuration information.
  4. Click History to view the history for this device.
  5. Select a primary configuration.
  6. Press the Ctrl key and select a second configuration for comparison.
  7. On the History pane, click Compare Selected.
  8. Optional. To view the raw configuration differences, click View Raw Comparison.

    If the comparison is for a configuration file or another backup type, then the raw comparison is displayed.

Comparing Device Configurations for Different Devices

You can compare configurations for different devices. If the files that you compare are Standard-Element-Documents (SEDs), then you can view the rule differences between the configuration files.

When you compare normalized configurations, the color of the text indicates the following rules:

  • Green dotted outline indicates a rule or configuration that was added to the device.

  • Red dashed outline indicates a rule or configuration that was deleted from the device.

  • Yellow solid outline indicates a rule or configuration that was modified on the device.

  1. Click the Risks tab.
  2. On the navigation menu, click Configuration Monitor.
  3. Double-click any device to view the detailed configuration information.
  4. Click History to view the history for this device.
  5. Select a primary configuration.
  6. Click Mark for Comparison.
  7. From the navigation menu, select All Devices to return to the device list.
  8. Double-click the device to compare and click History.
  9. Select another configuration backup to compare with the marked configuration.
  10. Click Compare with Marked.
  11. Optional. To view the raw configuration differences, click View Raw Comparison.

    If the comparison is for a configuration file or another backup type, then the raw comparison is displayed.