Deployment and Application Tuning Overview
Tuning your JSA environment involves processes in which one or more parameters of an appliance, deployment, or running system are adjusted to run more efficiently.
After you install JSA and it is running, you can tune your JSA system in the following two phases:
Deployment phase | During this phase, you configure essential network, scanner, log source, and asset configurations. This phase is done at the start of your lifecycle management for JSA systems. |
Application phase | During this phase, you discover servers, investigate offenses, optimize custom rules, edit building blocks, tune false positives, and improve search performance in JSA. |
QRadar Use Case Manager app
You can also use the QRadar Use Case Manager to tune JSA. Use the guided tips in QRadar Use Case Manager (formerly JSA Tuning app) to help you ensure that JSA is optimally configured to accurately detect threats throughout the attack chain. For more information, see QRadar Use Case Manager.
Download the QRadar Use Case Manager from the IBM Security App Exchange.
Tuning videos
Watch the following videos on how to tune JSA:
Tuning JSA introduction: https://www.youtube.com/watch?v=xhrYeD3Pxiw&list=PLHh9jhztlMyofNhQ99Yw-XWilejl5egIH.
JSA Tuning wrap up: https://www.youtube.com/watch?v=OGiIi39azT4&list=PLHh9jhztlMyofNhQ99Yw-XWi1ejl5egIH&index=6%22.