December 22, 2022 Release

Juniper Security Director Cloud New Features: December 22, 2022

Monitor

  • Global search—You can use the advanced search navigation aid on the top bar of the Juniper Security Director Cloud interface to search for the following:

    • Navigational elements in the menu pane on the left

    • Tasks related to creation and addition of objects in the managed network

    [See Juniper Security Director Cloud Overview.]

  • IPS reports—You can generate an IPS report that includes charts and details that display:

    • IPS activity over time

    • Top attacks

    • Categories of attacks

    • Target hosts

    [See Reports Overview.]

  • You can configure the following Security Director Cloud Insights features at Monitor > Insights:

    • Incidents—You can view all incidents related to an endpoint on a user timeline. The data is displayed in Grid view. In the Timeline section, you can select a log parser from the list to view log data in the timeline graph. You can view the incident ID, status of the incident, incident progression, and so on. You can click an incident to view more details and create Service Now tickets if required.

      [See Monitor Incidents.]

    • Mitigation—You can view the list of endpoints and threat sources that Security Director Cloud Insights mitigates. You can select an event and disable its mitigation if it is enabled, or enable it if it is disabled.

      [See Monitor Mitigation.]

Device Management

  • Enable automatic updates for the security package—You can configure your devices to automatically install and update the security package at specified intervals. For example, you can configure your devices to install the IPS signature on a specific date and time and thereafter check for and install the latest IPS signature every two days. [See Enable Automatic Update of Security Package.]

  • Predefined configuration template for DHCP—You can use a predefined DHCP configuration template as a starting point for creating your own configuration templates. Each template is a set of rules of a specific rule base type that you can copy and then update according to your requirements. [See Configuration Templates Overview.]

  • Delete IPsec VPN completely or only from associated devices—You can delete site-to-site, hub-and-spoke, and remote-access IPsec VPNs completely and remove the VPN configurations from the associated devices. You can also delete the VPN configurations from specific spoke devices. [See Delete an IPsec VPN.]

Security Policies

  • Compare policy versions—You can compare two different versions of a security policy and decide to do one of the following:

    • Roll back to a previous version of a policy.

    • Make certain configuration changes and deploy the security policy again.

    [See Compare Policy Versions.]

  • Specify whether a rule is global or zone-based—You can choose to save a rule as a zone-based rule or as a global rule after you've satisfied these requirements:

    • Enabled the Save rule option in the organization settings.

    • Selected a single zone as the source and a single zone as the destination.

    [See Add a Security Policy Rule.]

  • Delete security policies—You can mark a security policy for deletion and deploy that policy to delete it from the device. You can also revert the policy marked for deletion. If a security policy has multiple devices assigned to it, you can unassign the devices and redeploy the policy to delete the policy from the unassigned devices. [See Delete a Security Policy.]

NAT

  • Delete NAT policies—You can mark a NAT policy for deletion and deploy that policy to delete it from the device. You can also revert the NAT policy marked for deletion. If a NAT policy has multiple devices assigned to it, you can unassign the devices and redeploy the NAT policy to delete the NAT policy from the unassigned devices. [See Delete a NAT Policy.]

Objects

  • Import and export addresses—You can import and export addresses from Juniper Security Director Cloud in a comma-separated values (CSV) file format. While exporting addresses, you can choose to export all addresses or select specific addresses to export. [See About the Addresses Page.]

Shared Services

You can configure the following Security Director Cloud Insights features at Shared Services > Insights.

  • On-premises collector status—You can view the on-premises collector details such as name, IP address, disk, memory, CPU, and status.

    [See About the Collectors Page.]

  • On-premises collector log parsers—You can use the Log Parsers page to define how the log parser parses the system log data. You can create multiple parsers for different log sources. Use the flexible parser to:

    • Parse the logs.

    • Normalize the fields.

    • Filter logs based on your configured criteria.

    • Assign severity and semantics to various fields.

    [See About the Log Parsers Page.]

  • On-premises collector log source—You can create multiple log parsers for different log sources. The log source name is the hostname portion of the syslog message that Security Director Cloud Insights uses to identify the log source.

    [See About the Log Sources Page.]

  • On-premises collector identity settings—Security Director Cloud Insights interfaces with Juniper Identity Management Service (JIMS) to map endpoint IP addresses in events and logs to usernames and hostnames. You can configure JIMS to provide access information to Security Director Cloud Insights.

    [See About the Identity Settings Page.]

  • Cloud collector—You can enable or disable the Insights functionality for all logs that arrive directly from an SRX Series Firewall or Juniper Secure Edge.

    [See About the Cloud Collector Page.]

  • Event scoring rules—You can use event scoring rules to customize a log event to match your security operations center (SOC) processes. The rules comprise conditions and actions.

    [See About the Event Scoring Rules Page.]

  • Incident scoring rules—You can use incident scoring rules to score the risk of an incident. To do this, verify that other events that contributed toward this incident have already blocked the indicators of compromise from execution or mitigated them. The rules comprise conditions and actions.

    [See About the Incident Scoring Rules Page.]

  • Threat intelligence—You can use trusted threat intelligence providers to determine indicators of compromise and to confirm the maliciousness of the reported events. Security Director Cloud Insights supports the IBM X-Force, VirusTotal, and OPSWAT Metadefender threat intelligence sources.

    [See About the Threat Intelligence Page.]

  • Service Now—You can configure your Service Now account to create tickets for incidents.

    [See About the Service Now Configuration.]

  • Correlation time—You can configure the correlation time. The correlation time is the length (in minutes) of the window within which related events are grouped into an incident.

    [See About the Correlation Time Page.]

Administration

  • Subscriptions—You can select a maximum of 50 devices to manage subscriptions of multiple devices simultaneously. The selected devices must belong to the same product series and have the same subscription type. The Subscription drop-down list on the Manage Subscriptions page now contains dynamic subscription options that are compatible with the selected devices along with generic subscriptions and trial subscriptions. [See About the Subscriptions Page.]

Secure Edge New Features: December 22, 2022

Monitor

Download Secure Edge report—You can download the Secure Edge report for the required month and year from the Secure Edge Reports page. You can also update the report recipients using the Update Report Recipients option.

[See About the Secure Edge Reports Page.]

Secure Edge

Enhancements on the Sites page—We have made the following enhancements on the Sites page:

  • You can see the lists of deployed sites and undeployed sites in two different tabs.

  • You can import multiple sites by uploading a Microsoft Excel file to the Create Bulk Sites page. You can download the sample file template, enter the site details, and upload the filled-in template to create bulk sites.

    [See About the Sites Page.]

Service Administration

Enhancement in the PAC Files interface—You can now use the new PAC file builder to customize cloned proxy auto-configuration files. You can add domains and IP addresses and designate servers as on-premises. Juniper Secure Edge excludes these network components from the proxy auto-configuration file processing, and the traffic that reaches these network components bypasses Juniper Secure Edge. The wizard contains two tabs—Basic and Advanced. You can use the Advanced tab to directly configure the XML code. You can now also generate new recommended proxy auto-configuration files and delete existing recommended proxy auto-configuration files.

[See About the PAC Page.]

Juniper Security Director Cloud Bug Fixes: December 22, 2022

  • The Interfaces tab on the Network page (SRX > Device Management > Devices > Network) was displaying two instances of the same interface: one with an IP address and another without any IP address. This issue is now resolved.

  • Users were able to enter any port number in the Port field of a destination NAT pool, and the device accepted the configuration. This issue is now resolved.

  • During security policy import, an object conflict was shown for a content security profile. The object conflict was also shown if the action was set to Rename object in a previous import. These issues are now resolved.

  • While editing an IPS rule, the Options column was resized automatically, which reduced the width of the other columns. This issue was seen only at higher resolutions (for example, 2560x1017 pixels). This issue is now resolved.

Secure Edge Bug Fixes: December 22, 2022

There are no bug fixes in this release for Secure Edge.