Contributing Questions for Possible Communication Tests
SUMMARY The possible communication tests for assets include contributing questions and parameters that you can choose when you create a Policy Monitor test.
The following table lists and describes the contributing question parameters for possible communication tests.
Test Name | Description |
---|---|
have accepted communication to any destination | Detects assets that have possible communications to or from any specified source or destination. For example, to determine whether a critical server can possibly receive communications from any source, configure the test as follows: have accepted communication from any source. You can then apply a restrictive test to return if that critical server received any communications on port 21. Run this test to detect out-of-policy communications for that critical server. |
have accepted communication to destination networks | Detects assets that have possible communications to or from the configured network. Run this test to define a start or end point to your question. For example, to identify the assets that have the possibility of communicating to the DMZ, configure the test as follows: have accepted communication from source <networks>. You can use this test to detect out-of-policy communications. |
have accepted communication to destination IP addresses | Detects assets that have possible communications to or from the configured IP address. Run this test to specify a single IP address as a focus for possible communications. For example, if you want to identify all assets that can communicate to a specific compliance server, configure the test as follows: have accepted communications to destination <compliance server IP address> |
have accepted communication to destination asset building blocks | Detects assets that have possible communications to or from the configured asset by using building blocks. Run this test to reuse building blocks defined in the JSA Rules Wizard in your query. For more information about rules and building blocks, see the Juniper Secure Analytics Administration Guide. For example, if you want to identify all assets that can communicate to Protected Assets, configure the test as follows: have accepted communications to destination |
have accepted communication to destination asset saved searches | Detects assets that have accepted communications to or from the assets that are returned by the saved search that you specify. A saved asset search must exist before you use this test. For more information about creating and saving an asset search, see the Juniper Secure Analytics Users Guide. |
have accepted communication to destination reference sets | Detects if source or destination communications are possible to or from reference sets. |
have accepted communication to the Internet | Detects if source or destination communications are possible to or from the Internet. Specify the to or from parameter to consider communication traffic to the Internet or from the Internet. |
are susceptible to one of the following vulnerabilities | Detects possible specific vulnerabilities. If you want to detect vulnerabilities of a particular type, use the test, are susceptible to vulnerabilities with one of the following classifications. Specify the vulnerabilities to which you want this test to apply. You can search for vulnerabilities by using the OSVDB ID, CVE ID, Bugtraq ID, or title. |
are susceptible to vulnerabilities with one of the following classifications | A vulnerability can be associated with one or more vulnerability classifications. This test filters all assets that have possible vulnerabilities with a Common Vulnerability Scoring System (CVSS) score, as specified. Configure the classifications parameter to identify the vulnerability classifications that you want this test to apply to. |
are susceptible to vulnerabilities with CVSS score greater than 5 | A Common Vulnerability Scoring System (CVSS) value is an industry standard for assessing the severity of possible vulnerabilities. CVSS is composed of three metric groups: Base, Temporal, and Environmental. These metrics allow CVSS to define and communicate the fundamental characteristics of a vulnerability. This test filters assets in your network that include the configured CVSS value. |
are susceptible to vulnerabilities disclosed after specified date | Filters assets in your network with a possible vulnerability that is disclosed after, before, or on the configured date. |
are susceptible to vulnerabilities on one of the following ports | Filters assets in your network with a possible vulnerability that is associated with the configured ports. Configure the ports parameter to identify assets that have possible vulnerabilities based on the specified port number. |
are susceptible to vulnerabilities where the name, vendor, version, or service contains one of the following text entries | Detects assets in your network with a vulnerability that matches the asset name, vendor, version, or service based on one or more text entries. Configure the text entries parameter to identify the asset name, vendor, version, or service you want this test to consider. |
are susceptible to vulnerabilities where the name, vendor, version, or service contains one of the following regular expressions | Detects assets in your network with a vulnerability that matches the asset name, vendor, version, or service based on one or more regular expressions. Configure the regular expressions parameter to identify the asset name, vendor, version, or service you want this test to consider. |
are susceptible to vulnerabilities contained in vulnerability saved searches | Detects risks that are associated with saved searches that are created in JSA Vulnerability Manager. |
Deprecated Contributing Test Questions
If a test is replaced with another test, it is hidden in Policy Monitor.
The following tests are hidden in the Policy Monitor:
- assets that are susceptible to vulnerabilities from the following vendors
- assets that are susceptible to vulnerabilities from the following services
These contributing tests were replaced by other tests.