Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

JSA Common Procedures

Various controls on the JSA user interface are common to most user interface tabs.

Information about these common procedures is described in the following sections.

Viewing Notifications

The Notifications menu, which is on the upper right corner of the user interface, provides access to a window in which you can read and manage your system notifications.

For system notifications to show on the Notifications window, the administrator must create a rule that is based on each notification message type and select the Notify check box in the Custom Rules Wizard.

The Messages menu indicates how many unread system notifications you have in your system. This indicator increments the number until you close system notifications. For each system notification, the Messages window provides a summary and the date stamp for when the system notification was created. You can hover your mouse pointer over a notification to view more detail. Using the functions on the Messages window, you can manage the system notifications.

System notifications are also available on the Dashboard tab and on an optional pop-up window that can be displayed on the lower left corner of the user interface. Actions that you perform in the Messages window are propagated to the Dashboard tab and the pop-up window. For example, if you close a system notification from the Messages window, the system notification is removed from all system notification displays.

For more information about Dashboard system notifications, see Managing System Notifications.

  1. Log in to JSA .

  2. On the upper right corner of the user interface, click Notifications.

  3. On the Messages window, view the system notification details.

  4. Optional. To refine the list of system notifications, click one of the following options:

    • Errors

    • Warnings

    • Information

  5. Optional. To close system notifications, choose of the following options:

    Option

    Description

    Dismiss All

    Click to close all system notifications.

    Dismiss

    Click the Dismiss icon next to the system notification that you want to close.

  6. Optional. To view the system notification details, hover your mouse pointer over the system notification.

Refreshing and Pausing JSA

You can manually refresh, pause, and play the data that is displayed on tabs.

  • Dashboard tab--The Dashboard tab automatically refreshes every 60 seconds. The timer, which is on the upper right corner of the interface, indicates the amount of time that remains until the tab is automatically refreshed.

    Click the title bar of any dashboard item to automatically pause the refresh time. The timer flashes red to indicate that the current display is paused.

  • Log Activity and Network Activity tabs--The Log Activity and Network Activity tabs automatically refresh every 60 seconds if you are viewing the tab in Last Interval (auto refresh) mode.

    When you view the Log Activity or Network Activity tab in Real Time (streaming) or Last Minute (auto refresh) mode, you can use the Pause icon to pause the current display.

  • Offenses tab--The Offenses tab must be refreshed manually. The timer, which is on the upper right corner of the interface, indicates the amount of time since the data was last refreshed. The timer flashes red when the timer is paused.

Investigating IP Addresses

You can use several methods to investigate information about IP addresses on the Dashboard, Log Activity, and Network Activity tabs.

  1. Log in to JSA.

  2. Click the tab that you want to view.

  3. Move your mouse pointer over an IP address to view the location of the IP address.

  4. Right-click the IP address or asset name and select one of the following options:

    Table 1: IP Addresses Information

    Option

    Description

    Navigate >View by Network

    Displays the networks that are associated with the selected IP address.

    Navigate >View Source Summary

    Displays the offenses that are associated with the selected source IP address.

    Navigate >View Destination Summary

    Displays the offenses that are associated with the selected destination IP address.

    Information >DNS Lookup

    Searches for DNS entries that are based on the IP address.

    Information >WHOIS Lookup

    Searches for the registered owner of a remote IP address. The default WHOIS server is whois.arin.net.

    Information >Port Scan

    Performs a Network Mapper (NMAP) scan of the selected IP address. This option is only available if NMAP is installed on your system. For more information about installing NMAP, see your vendor documentation.

    Information >Asset Profile

    Displays asset profile information.

    This option is displayed if JSA Vulnerability Manager is purchased and licensed. For more information, see the Juniper Secure Analytics Vulnerability Manager User Guide.

    This menu option is available if JSA acquired profile data either actively through a scan or passively through flow sources.

    This menu option is available if JSA acquired profile data actively through a scan.

    For information, see the Juniper Secure Analytics Administration Guide.

    Information >Search Events

    Searches for events that are associated with this IP address.

    Information >Search Flows

    Searches for flows that are associated with this IP address.

    Information >Search Connections

    Searches for connections that are associated with this IP address. This option is only displayed if you purchased JSA Risk Manager and connected JSA and the JSA Risk Manager appliance. For more information, see the Juniper Secure Analytics Risk Manager User Guide.

    Information >Switch Port Lookup

    Determines the switch port on a Cisco IOS device for this IP address. This option applies only to switches that are discovered by using the Discover Devices option on the Risks tab.

    Note:

    This menu option isn't available in Log Manager

    Information >View Topology

    Displays the Risks tab, which depicts the layer 3 topology of your network. This option is available if you purchased JSA Risk Manager and connected JSA and the JSA Risk Manager appliance. appliance.

    Run Vulnerability Scan

    Select the Run Vulnerability Scan option to scan an JSA Vulnerability Manager scan on this IP address. This option is only displayed when JSA Vulnerability Manager has been purchased and licensed. For more information, see the Juniper Secure Analytics Vulnerability Manager User Guide.

System Time

The right corner of the JSA user interface displays system time, which is the time on the console.

The console time synchronizes JSA systems within the JSA deployment. The console time is used to determine what time events were received from other devices for correct time synchronization correlation.

In a distributed deployment, the console might be in a different time zone from your desktop computer.

When you apply time-based filters and searches on the Log Activity and Network Activity tabs, you must use the console system time to specify a time range.

When you apply time-based filters and searches on the Log Activity tab, you must use the console system time to specify a time range.

Updating User Preferences

You can set your user preference, such as locale, in the main JSA user interface.

  1. To access your user information, click Preferences.

  2. Update your preferences.

    Option

    Description

    Username

    Displays your user name. You cannot edit this field.

    Password

    JSA user passwords are stored as a salted SHA-256 string.

    The password must meet the following criteria:

    • Minimum of 6 characters

    • Maximum of 255 characters

    • Contain at least 1 special character

    • Contain 1 uppercase character

    Password (Confirm)

    Password confirmation

    Email Address

    The email address must meet the following requirements:

    • Minimum of 10 characters

    • Maximum of 255 characters

    Locale

    JSA is available in the following languages: English, Simplified Chinese, Traditional Chinese, Japanese, Korean, French, German, Italian, Spanish, Russian, and Portuguese (Brazil).

    If you choose a different language, the user interface displays in English. Other associated cultural conventions, such as, character type, collation, format of date and time, currency unit are used.

    Enable Popup Notifications

    Select this check box if you want to enable pop-up system notifications to be displayed on your user interface.

Related Documentation