Policy Monitor Questions to Assess and Monitor Risk

Summary: You can define questions in Policy Monitor to assess and monitor risk based on network activity, vulnerabilities, and firewall rules.

When you submit a question, the topology search is based on the data type that you selected:

  • For questions based on assets, the search is based on the network assets that violated a defined policy or assets that introduced risk into the network.
  • For questions based on devices or rules, the search identifies the rules in a device that either violated a defined policy or introduced risk into the network.
  • If a question is based on asset compliance, the search identifies if an asset is compliant with a CIS benchmark.

Important: If you configured JSA for multiple domains, asset questions monitor only assets in your default domain. Asset compliance questions monitor assets in your default domain unless you configured another domain in the Domain Management window in the Admin tab. For more information about domain management, see the Juniper Secure Analytics Administration Guide.

Devices or rules questions look for violations in rules and policy and do not have restrictive test components. You can also ask devices or rules questions for applications.

Asset tests are divided into these categories:

  • A contributing test uses the question parameters to examine the risk indicators that are specified in the question. Risk data results are generated, which can be further filtered by using a restrictive test. Contributing tests are shown in the "Which tests do you want to include in your question" area. Contributing tests return data based on detected assets that match the test question.
  • A restrictive test narrows the results that are returned by a contributing test question. Restrictive tests are displayed in the "Which tests do you want to include in your question" area only after a contributing test is added. You can add restrictive tests only after you include a contributing test in the question. If you remove or delete a contributing test question, the restrictive test question cannot be saved.

Asset compliance questions look for assets that are not in compliance with CIS benchmarks. The tests that are included in the CIS benchmark are configured with the Compliance Benchmark Editor.