Security Director Application Integration Overview
The Security Director application integration provides a workflow to create Security Director firewall policies based on the events triggering the offense. You can create firewall rules in Security Director using the Security Director Extension wizard and apply them on firewall devices. JSA and IBM QRadar work with Security Director to block malicious IP addresses contained within an offense.
Administrators can integrate Security Director with the Juniper Secure Analytics (JSA) or IBM QRadar offense workflow by installing the Security Director application on JSA or IBM QRadar. The application is supported on JSA Release 2014.8 (IBM QRadar Release 7.2.8) and later.
You must register Security Director with JSA or IBM QRadar. After successful registration, you can create firewall rules using the Security Director Extension wizard.
This integration allows the JSA and IBM QRadar administrators to seamlessly create firewall rules for an offense and navigate to Security Director to view or modify firewall rules. In addition, after registration, all available reference sets in JSA or IBM QRadar are automatically converted to dynamic address groups in Security Director. Whenever an administrator creates a reference set, the corresponding dynamic address group is created in Security Director. The JSA and IBM QRadar administrators can use these dynamic address groups to configure firewall policy rules.
Administrators with policy create and edit access in Security Director can automatically create firewall rules from JSA and IBM QRadar.
Administrators can create rules and update the devices in their administrative domain, only.
Benefits of Security Director Application Integration
Administrator can quickly create firewall rules for an offense reported in JSA or IBM QRadar and deploy the rules to security devices using Security Director, resulting in faster threat prevention. This increases the speed at which malware can be blocked.
Reference sets in JSA or IBM QRadar are automatically converted to dynamic address groups in Security Director.