User Interface Tabs

Dashboard Tab

The Dashboard tab is a workspace environment that provides summary and detailed information on events occurring in your network.

The Dashboard tab supports multiple dashboards on which you can display your views of network security, activity, or data that JSA collects. Five default dashboards are available. Each dashboard contains items that provide summary and detailed information about offenses that occur on your network. You can also create a custom dashboard to allow you to focus on your security or network operations responsibilities. For more information about using the Dashboard tab, see Dashboard Management.

Offenses Tab

The Offenses tab will allow you to view offenses that occur on your network, which you can locate by using various navigation options or through powerful searches.

From the Offenses tab, you can investigate an offense to determine the root cause of an issue. You can also resolve the issue.

For more information about Offenses tab, see Offense Management.

Log Activity Tab

The Log Activity tab will allow you to investigate event logs being sent to JSA in real-time, perform powerful searches, and view log activity by using configurable time-series charts.

The Log Activity tab will allow you to perform in-depth investigations on event data.

For more information, see Log Activity Investigation.

Network Activity Tab

Use the Network Activity tab to investigate flows that are sent in real-time, perform powerful searches, and view network activity by using configurable time-series charts.

A flow is a communication session between two hosts. Viewing flow information will allow you to determine how the traffic is communicated, what is communicated (if the content capture option is enabled), and who is communicating. Flow data also includes details such as protocols, ASN values, IFIndex values, and priorities.

For more information, see Network Activity Investigation.

Assets Tab

JSA automatically discovers assets, servers, and hosts, operating on your network.

Automatic discovery is based on passive flow data and vulnerability data, allowing JSA to build an asset profile.

Asset profiles provide information about each known asset in your network, including identity information, if available, and what services are running on each asset. This profile data is used for correlation purposes to help reduce false positives.

For example, an attack tries to use a specific service that is running on a specific asset. In this situation, JSA can determine whether the asset is vulnerable to this attack by correlating the attack to the asset profile. Using the Assets tab, you can view the learned assets or search for specific assets to view their profiles.

Reports Tab

The Reports tab will allow you to create, distribute, and manage reports for any data within JSA.

The Reports feature will allow you to create customized reports for operational and executive use. To create a report, you can combine information (such as, security or network) into a single report. You can also use preinstalled report templates that are included with JSA.

The Reports tab also will allow you to brand your reports with customized logos. This customization is beneficial for distributing reports to different audiences.

For more information about reports, see Report Management.

JSA Risk Manager

JSA Risk Manager is a separately installed appliance for monitoring device configurations, simulating changes to your network environment, and prioritizing risks and vulnerabilities in your network.

JSA Risk Manager uses data that is collected by configuration data from network and security device, such as firewalls, routers, switches, or IPSs, vulnerability feeds, and vendor security sources. This data is used to identify security, policy, and compliance risks within your network security infrastructure and the probability of those risks that are being exploited.