Custom Dashboards

 

You can customize your dashboards. The content that is displayed on the Dashboard tab is user-specific. Changes that are made within a JSA session affect only your system.

To customize your Dashboard tab, you can perform the following tasks:

  • Create custom dashboards that are relevant to your responsibilities. 255 dashboards per user is the maximum; however, performance issues might occur if you create more than 10 dashboards.

  • Add and remove dashboard items from default or custom dashboards.

  • Move and position items to meet your requirements. When you position items, each item automatically resizes in proportion to the dashboard.

  • Add custom dashboard items that are based on any data.

For example, you can add a dashboard item that provides a time series graph or a bar chart that represents top 10 network activity.

To create custom items, you can create saved searches on the Network Activity or Log Activity tabs and choose how you want the results represented in your dashboard. Each dashboard chart displays real-time, up-to-the-minute data. Time series graphs on the dashboard refresh every 5 minutes.

Flow Search

You can display a custom dashboard item that is based on saved search criteria from the Network Activity tab.

Flow search items are listed in the Add Item > Network Activity > Flow Searches menu. The name of the flow search item matches the name of the saved search criteria the item is based on.

Default saved search criteria is available and is preconfigured to display flow search items on your Dashboard tab menu. You can add more flow search dashboard items to your Dashboard tab menu. For more information, see Adding Search-based Dashboard Items to the Add Items List.

On a flow search dashboard item, search results display real-time last-minute data on a chart. The supported chart types are time series, table, pie, and bar. The default chart type is bar. These charts are configurable. For more information about configuring charts, see Configuring Charts.

Time series charts are interactive. Using the time series charts, you can magnify and scan through a timeline to investigate network activity.

Offenses

You can add several offense-related items to your dashboard.

Note

Hidden or closed offenses are not included in the values that are displayed in the Dashboard tab. For more information about hidden or closed events, see Offense Management.

The following table describes the Offense items:

Table 1: Offense Items

| Dashboard items | Description |
| --- | --- |
| Most Recent Offenses | The five most recent offenses are identified with a magnitude bar to inform you of the importance of the offense. Point to the offense name to view detailed information for the IP address. |
| Most Severe Offenses | The five most severe offenses are identified with a magnitude bar to inform you of the importance of the offense. Point to the offense name to view detailed information for the IP address. |
| My Offenses | The My Offenses item displays 5 of the most recent offenses that are assigned to you. The offenses are identified with a magnitude bar to inform you of the importance of the offense. Point to the IP address to view detailed information for the IP address. |
| Top Sources | The Top Sources item displays the top offense sources. Each source is identified with a magnitude bar to inform you of the importance of the source. Point to the IP address to view detailed information for the IP address. |
| Top Local Destinations | The Top Local Destinations item displays the top local destinations. Each destination is identified with a magnitude bar to inform you of the importance of the destination. Point to the IP address to view detailed information for the IP |
| Categories | The Top Categories Types item displays the top 5 categories that are associated with the highest number of offenses. |

Log Activity

The Log Activity dashboard items allow you to monitor and investigate events in real time.

Note

Hidden or closed events are not included in the values that are displayed in the Dashboard tab.

Table 2: Log Activity Items

| Dashboard item | Description |
| --- | --- |
| Event Searches | You can display a custom dashboard item that is based on saved search criteria from the Log Activity tab. Event search items are listed in the Add Item > Network Activity > Event Searches menu. The name of the event search item matches the name of the saved search criteria the item is based on. You can display a custom dashboard item that is based on saved search criteria from the Log Activity tab. Event search items are listed in the Add Item > Log Activity > Event Searches menu. The name of the event search item matches the name of the saved search criteria the item is based on. JSA includes default saved search criteria that is preconfigured to display event search items on your Dashboard tab menu. You can add more event search dashboard items to your Dashboard tab menu. For more information, see Adding search-based dashboard items to the Add Items list. On a Log Activity dashboard item, search results display real-time last-minute data on a chart. The supported chart types are time series, table, pie, and bar. The default chart type is bar. These charts are configurable. Time series charts are interactive. You can magnify and scan through a timeline to investigate log activity. |
| Events By Severity | The Events By Severity dashboard item displays the number of active events that are grouped by severity. This item allows you to see the number of events that are received by the level of severity assigned. Severity indicates the amount of threat an offense source poses in relation to how prepared the destination is for the attack. The range of severity is 0 (low) to 10 (high). The supported chart types are Table, Pie, and Bar. |
| Top Log Sources | The Top Log Sources dashboard item displays the top 5 log sources that sent events to JSA within the last 5 minutes. The Top Log Sources dashboard item displays the top 5 log sources that sent events to JSA Log Manager within the last 5 minutes. The number of events that are sent from the specified log source is indicated in the pie chart. This item allows you to view potential changes in behavior. For example, if a firewall log source that is typically not in the top 10 list now contributes to a large percentage of the overall message count, you should investigate this occurrence. The supported chart types are Table, Pie, and Bar. |
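The Top Log Sources check described above (a source that is typically outside the top 10 suddenly carrying a large share of events) can be reproduced outside the dashboard. The following is an added example, not JSA code: the 25% share threshold, the six-window baseline, the function names, and the event data are all assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # look-back period of the dashboard item
BASELINE_TOP_N = 10             # "typically not in the top 10 list"
SHARE_THRESHOLD = 0.25          # assumed meaning of "large percentage"


def window_counts(events, end, window=WINDOW):
    """Count events per log source with end - window < timestamp <= end."""
    start = end - window
    return Counter(src for ts, src in events if start < ts <= end)


def top_sources(counts, n=5):
    """Return [(source, events, share)] for the n busiest sources."""
    total = sum(counts.values())
    return [(s, c, c / total) for s, c in counts.most_common(n)]


def unusual_sources(events, now, history_windows=6):
    """Flag sources that were outside the top 10 in every earlier window
    but now carry at least SHARE_THRESHOLD of all events."""
    usual = set()
    for i in range(1, history_windows + 1):
        past = window_counts(events, now - i * WINDOW)
        usual.update(s for s, _ in past.most_common(BASELINE_TOP_N))
    current = window_counts(events, now)
    total = sum(current.values())
    return sorted(s for s, c in current.items()
                  if s not in usual and total and c / total >= SHARE_THRESHOLD)


def sample_events(now):
    """Constructed data: 11 steady servers plus a firewall that spikes."""
    events = []
    for k in range(7):                       # k = 0 is the current window
        ts = now - k * WINDOW - timedelta(minutes=1)
        for i in range(1, 12):
            events += [(ts, f"srv-{i:02d}")] * (30 - i)
        events += [(ts, "fw-edge")] * (200 if k == 0 else 2)
    return events


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0)
    ev = sample_events(now)
    for row in top_sources(window_counts(ev, now)):
        print(row)
    print("investigate:", unusual_sources(ev, now))
```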

System Summary

The System Summary dashboard item provides a high-level summary of activity within the past 24 hours.

Within the summary item, you can view the following information:

  • Current Flows Per Second: Displays the flow rate per second.

  • Flows (Past 24 Hours): Displays the total number of active flows that are seen within the last 24 hours.

  • Current Events Per Second: Displays the event rate per second.

  • New Events (Past 24 Hours): Displays the total number of new events that are received within the last 24 hours.

  • Updated Offenses (Past 24 Hours): Displays the total number of offenses that have been either created or modified with new evidence within the last 24 hours.

  • Data Reduction Ratio: Displays the ratio of data reduced based on the total events that are detected within the last 24 hours and the number of modified offenses within the last 24 hours.

Risk Monitoring Dashboard

You use the Risk Monitoring dashboard to monitor policy risk and policy risk change for assets, policies and policy groups.

By default, the Risk Monitoring dashboard displays Risk and Risk Change items that monitor the policy risk score for assets in the High Vulnerabilities, Medium Vulnerabilities, and Low Vulnerabilities policy groups, as well as compliance pass rates and historical changes in policy risk score in the CIS policy group.

The Risk Monitoring dashboard items do not display any results unless JSA Risk Manager is licensed. For more information, see the JSA Risk Manager Users Guide.

To view the default Risk Monitoring dashboard, select Show Dashboard > Risk Monitoring on the Dashboard tab.

Monitoring Policy Compliance

Create a dashboard item that shows policy compliance pass rates and policy risk score for selected assets, policies, and policy groups.

  1. Click the Dashboard tab.
  2. On the toolbar, click New Dashboard.
  3. Type a name and description for your policy compliance dashboard.
  4. Click OK.
  5. On the toolbar, select Add Item > Risk Manager > Risk.

    Risk Manager dashboard items are displayed only when JSA Risk Manager is licensed.

  6. On the header of the new dashboard item, click the yellow Settings icon.
  7. Use the Chart Type, Display Top, and Sort lists to configure the chart.
  8. From the Group list, select the group that you want to monitor. For more information, see the table in step 9.

    When you select the Asset option, a link to the Risks > Policy Management > By Asset page appears at the bottom of the Risk dashboard item. The By Asset page displays more detailed information about all results that are returned for the selected Policy Group. For more information on a specific asset, select Table from the Chart Type list and click the link in the Asset column to view details about the asset in the By Asset page.

    When you select the Policy option, a link to the Risks > Policy Management > By Policy page appears at the bottom of the Risk dashboard item. The By Policy page displays more detailed information about all results that are returned for the selected Policy Group. For more information on a specific policy, select Table from the Chart Type list and click the link in the Policy column to view details about the policy in the By Policy page.

  9. From the Graph list, select the graph type that you want to use. For more information, see the following table:

    | Group | Asset Passed Percentage | Policy Checks Passed Percentage | Policy Group Passed Percentage | Policy Risk Score |
    | --- | --- | --- | --- | --- |
    | All | Returns the average asset percentage pass rate across assets, policies, and the policy group. | Returns the average policy check percentage pass rate across assets, policies, and the policy group. | Returns the average policy group pass rate across all assets, policies, and the policy group. | Returns the average policy risk score across all assets, policies, and the policy group. |
    | Asset | Returns whether an asset passes asset compliance (100%=passed, 0%=failed). Use this setting to show which assets associated with a Policy Group pass compliance. | Returns percentage of policy checks that an asset passes. Use this setting to show the percentage of policy checks that passed for each asset that is associated with the Policy Group. | Returns the percentage of policy subgroups that are associated with the asset that pass compliance. | Returns the sum of all importance factor values for policy questions that are associated with each asset. Use this setting to view the policy risk for each asset that is associated with a selected policy group. |
    | Policy | Returns whether all the assets associated with each policy in a Policy group pass compliance. Use this setting to monitor whether all the assets associated with each policy in a Policy Group pass or not. | Returns percentage of policy checks that pass per policy in the policy group. Use this setting to monitor how many policy checks are failing per policy. | Returns the percentage of policy subgroups of which the policy is a part that pass compliance. | Returns the importance factor values for each policy question in the Policy group. Use this setting to view the importance factor for each policy in a policy group. |
    | Policy Group | Returns the percentage of assets that pass compliance for the selected Policy Group as a whole. | Returns the percentage of policy checks that pass per policy for the policy group as a whole. | Returns the percentage of policy subgroups within the Policy Group that pass compliance. | Returns the sum of all importance factor values for all policy questions in the Policy group. |

  10. From the Policy Group list, select the policy groups that you want to monitor.
  11. Click Save.

Monitoring Risk Change

Create a dashboard item that shows policy risk change for selected assets, policies, and policy groups on a daily, weekly, and monthly basis.

Use this dashboard item to compare changes in the Policy Risk Score, Policies Checks, and Policies values for a policy group over time.

The Risk Change dashboard item uses arrows to indicate whether policy risk for selected values increased, decreased, or stayed the same over a chosen time period:

  • The number beneath the red arrow indicates the values that show an increased risk.

  • The number beneath the gray arrow indicates the values where there is no change in risk.

  • The number beneath the green arrow indicates the values that show a decreased risk.

  1. Click the Dashboard tab.
  2. On the toolbar, click New Dashboard.
  3. Type a name and description for your historical policy compliance dashboard.
  4. Click OK.
  5. On the toolbar, select Add Item > Risk Manager > Risk Change.

    Risk Manager Dashboard items are displayed only when JSA Risk Manager is licensed.

  6. On the header of the new dashboard item, click the yellow Settings icon.
  7. From the Policy Group list, select the policy groups that you want to monitor.
  8. Select an option from the Value To Compare list:
    • If you want to see the cumulative changes in importance factor for all policy questions within the selected policy groups, select Policy Risk Score.

    • If you want to see how many policy checks changed within the selected policy groups, select Policies Checks.

    • If you want to see how many policies changed within the selected policy groups, select Policies.

  9. Select the risk change period that you want to monitor from the Delta Time list:
    • If you want to compare risk changes from 12:00 a.m. today with yesterday's risk changes, select Day.

    • If you want to compare risk changes from Monday 12:00 a.m. this week with last week's risk changes, select Week.

    • If you want to compare risk changes from the 12:00 a.m. on the first day of the current month with last month's risk changes, select Month.

  10. Click Save.
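The Delta Time boundaries and the three arrow counts described above can be worked through by hand. The following is an added example, not JSA code and not a description of how JSA computes its values: it assumes one risk score per policy at the start of each period, and the function names, policy names, and scores are constructed.

```python
from datetime import datetime, timedelta


def period_starts(now, delta):
    """Return (start of current period, start of previous period)."""
    midnight = now.replace(hour=0, minute=0, second=0, microsecond=0)
    if delta == "Day":                       # 12:00 a.m. today vs. yesterday
        current = midnight
        previous = current - timedelta(days=1)
    elif delta == "Week":                    # Monday 12:00 a.m. this week
        current = midnight - timedelta(days=midnight.weekday())
        previous = current - timedelta(weeks=1)
    elif delta == "Month":                   # first day of the current month
        current = midnight.replace(day=1)
        previous = (current - timedelta(days=1)).replace(day=1)
    else:
        raise ValueError(f"unknown Delta Time option: {delta}")
    return current, previous


def risk_change(previous, current):
    """Count values whose score rose, stayed the same, or fell.

    Values present in only one snapshot are counted separately, because
    there is nothing to compare them with (an assumption of this example).
    """
    result = {"increased": 0, "unchanged": 0, "decreased": 0, "uncompared": 0}
    for name in previous.keys() | current.keys():
        if name not in previous or name not in current:
            result["uncompared"] += 1
        elif current[name] > previous[name]:
            result["increased"] += 1         # red arrow
        elif current[name] < previous[name]:
            result["decreased"] += 1         # green arrow
        else:
            result["unchanged"] += 1         # gray arrow
    return result


# Constructed policy risk scores for two consecutive weeks.
LAST_WEEK = {"ssh-from-internet": 5, "telnet-enabled": 8,
             "default-snmp": 3, "open-rdp": 6}
THIS_WEEK = {"ssh-from-internet": 7, "telnet-enabled": 8,
             "default-snmp": 0, "open-rdp": 6, "new-policy": 4}

if __name__ == "__main__":
    print(period_starts(datetime(2024, 5, 15, 14, 30), "Week"))
    print(risk_change(LAST_WEEK, THIS_WEEK))
```

Note that on a Tuesday the Week option's current period starts only one day earlier, so short periods early in a week or month are expected.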

Vulnerability Management Items

Vulnerability Management dashboard items are only displayed when JSA Vulnerability Manager is purchased and licensed.

For more information, see the Juniper Secure Analytics Vulnerability Manager User Guide.

You can display a custom dashboard item that is based on saved search criteria from the Vulnerabilities tab. Search items are listed in the Add Item > Vulnerability Management > Vulnerability Searches menu. The name of the search item matches the name of the saved search criteria the item is based on.

JSA includes default saved search criteria that is preconfigured to display search items on your Dashboard tab menu. You can add more search dashboard items to your Dashboard tab menu.

The supported chart types are table, pie, and bar. The default chart type is bar. These charts are configurable.

System Notification

The System Notification dashboard item displays event notifications that are received by your system.

For notifications to show in the System Notification dashboard item, the Administrator must create a rule that is based on each notification message type and select the Notify check box in the Custom Rules Wizard.

For more information about how to configure event notifications and create event rules, see the Juniper Secure Analytics Administration Guide.

On the System Notifications dashboard item, you can view the following information:

  • Flag: Displays a symbol to indicate severity level of the notification. Point to the symbol to view more detail about the severity level.

    • Health icon

    • Information icon (?)

    • Error icon (X)

    • Warning icon (!)

  • Created: Displays the amount of time elapsed since the notification was created.

  • Description: Displays information about the notification.

  • Dismiss icon (x): Allows you to close a system notification.

You can point your mouse over a notification to view more details:

  • Host IP: Displays the host IP address of the host that originated the notification.

  • Severity: Displays the severity level of the incident that created this notification.

  • Low Level Category: Displays the low-level category that is associated with the incident that generated this notification. For example: Service Disruption.

  • Payload: Displays the payload content that is associated with the incident that generated this notification.

  • Created: Displays the amount of time elapsed since the notification was created.

When you add the System Notifications dashboard item, system notifications can also display as pop-up notifications in the JSA user interface. These pop-up notifications are displayed in the lower right corner of the user interface, regardless of the selected tab.

Pop-up notifications are only available for users with administrative permissions and are enabled by default. To disable pop-up notifications, select User Preferences and clear the Enable Pop-up Notifications check box.

In the System Notifications pop-up window, the number of notifications in the queue is highlighted. For example, if (1 - 12) is displayed in the header, the current notification is 1 of 12 notifications to be displayed.

The system notification pop-up window provides the following options:

  • Next icon (>): Displays the next notification message. For example, if the current notification message is 3 of 6, click the icon to view 4 of 6.

  • Close icon (X): Closes this notification pop-up window.

  • (details): Displays more information about this system notification.

Internet Threat Information Center

The Internet Threat Information Center dashboard item is an embedded RSS feed that provides you with up-to-date advisories on security issues, daily threat assessments, security news, and threat repositories.

The Current Threat Level diagram indicates the current threat level and provides a link to the Current Internet Threat Level page of the JSA Internet Security Systems website.

Current advisories are listed in the dashboard item. To view a summary of the advisory, click the Arrow icon next to the advisory. The advisory expands to display a summary. Click the Arrow icon again to hide the summary.

To investigate the full advisory, click the associated link.