Types Of Security Content
JSA content is bundled into two types: content packs and extensions.
Content packs-- Security content packs contain enhancements to specific types of security content. Often, they include content for third-party integrations or operating systems. For example, a security content pack for a third-party integration might contain new custom event properties that make information in the event payload searchable for the log source and available for reporting.
Extensions-- Juniper and other vendors write security extensions that enhance or extend JSA capabilities. An extension can contain apps, content items, such as custom rules, report templates, saved searches, or contain updates to existing content items. For example, an extension might include an app to add a tab in JSA that provides visualizations for an offense.
On IBM Security App Exchange, extensions are known as apps. You can download JSA apps from IBM Security App Exchange and use the Extensions Management tool to install them. Apps are not available as part of an auto-update.
Sources Of Security Content
JSA deployments-- You export custom content from a JSA deployment as an extension and then import it into another system when you want to reuse the content. For example, you can export content from your development environment to your production environment. You can use the content management script to export all content, or you can choose to export only some custom content.