Getting Started for Architects

If you're an architect, the following topics are a good place to get started to learn how to use JSA in your everyday workflow.

Architecture

Do you understand the distributed architecture and the roles of various components of JSA?

  • JSA architecture overview

    JSA SIEM (Security Information and Event Management) is a modular architecture that provides real-time visibility of your IT infrastructure, which you can use for threat detection and prioritization. You can scale JSA to meet your log and flow collection and analysis needs. You can add integrated modules to your JSA platform, such as JSA Risk Manager and JSA Vulnerability Manager.

  • JSA components

    Use JSA components to scale a deployment, and to manage data collection and processing in distributed networks.

  • JSA events and flows

    The core function of JSA is managing network security by monitoring flows and events. A significant difference between event and flow data is that an event, which is typically a log of a specific action such as a user login or a VPN connection, occurs at a specific time and is logged at that time. A flow is a record of network activity that can last for seconds, minutes, hours, or days, depending on the activity within the session.

Do you know how to scope an environment for architectural requirements, data rates, and retention policies to optimally build a JSA deployment?

  • Data retention

    Retention buckets define how long event and flow data is retained in JSA. As JSA receives events and flows, each one is compared against the retention bucket filter criteria. When an event or flow matches a retention bucket filter, it is stored in that retention bucket until the deletion policy time period is reached. The default retention period is 30 days; after that, the data is immediately deleted.

  • Distributing event and flow capacity

    Use the License Pool Management window to ensure that the events per second (EPS) and flows per minute (FPM) that you are entitled to are fully used. Also, ensure that JSA is configured to handle periodic bursts of data without dropping events or flows, and without leaving excessive EPS and FPM unused.

Flow sources

Do you know how to determine which network segments are reporting to JSA?

  • Guidelines for defining your network hierarchy

    Building a network hierarchy in JSA is an essential first step in configuring your deployment. Without a configured network hierarchy, JSA cannot determine flow directions, build a reliable asset database, or benefit from useful building blocks in rules.

  • Defining your network hierarchy

    A default network hierarchy that contains pre-defined network groups is included in JSA. You can edit the pre-defined network hierarchy objects, or you can create new network groups or objects.