Automatic Updates
You can automatically or manually update your configuration files to ensure that your configuration files contain the latest network security information.
Updated configuration files help to eliminate false positives and to protect your system from the latest malicious sites, botnets, and other suspicious Internet activity.
Automatic Update Requirements
The JSA Console must be connected to the Internet to receive the updates. If your Console is not connected to the Internet, you must configure an internal update server for your Console to download the files from.
To maintain the integrity of your current configuration and information, either replace your existing configuration files or integrate the updated files with your existing files.
After you install updates on your Console and deploy your changes, the Console updates its managed hosts.
Description Of Updates
Update files can include the following updates:
Configuration updates that are based on content, including configuration file changes, vulnerabilities, QID maps, supportability scripts, and security threat information updates.
DSM, scanner, and protocol updates that include corrections to parsing issues, scanner changes, and protocol updates.
Major updates, such as updated JAR files or large patches, that require restarting the user interface service.
Minor updates, such as daily automatic update logs or QID map scripts, that do not restart the user interface service.
Automatic Updates for High Availability Deployments
When you update your configuration files on a primary host and deploy your changes, the updates are automatically made on the secondary host. If you do not deploy your changes, the updates are made on the secondary host through an automated process that runs hourly.
Frequency Of Automatic Updates for New Installations and Upgrades
The default frequency of the automatic update is determined by the installation type and the JSA version.
If you upgrade from JSA versions earlier than 2014.1, the value to which the update frequency is set remains the same after the upgrade. By default, the update is set to weekly, but you can manually change the frequency.
If you install a new installation of JSA 2014.1 or later, the default frequency of the update is daily. You can manually change the frequency.
Viewing Pending Updates
Your system is preconfigured for weekly automatic updates. You can view the pending updates in the Updates window.
Your system needs to be operational long enough to retrieve the weekly updates. If no updates are displayed in the Updates window, either your system has not been in operation long enough to retrieve the weekly updates or no updates have been issued. If this occurs, you can manually check for new updates. For more information about checking for new updates, see Checking for New Updates.
The Check for Updates toolbar provides the following functions:
Function |
Description |
---|---|
Hide |
Select one or more updates, and then click Hide to remove the selected updates from the Check for Updates page. You can view and restore the hidden updates on the Restore Hidden Updates page. For more information, see Restoring Hidden Updates. |
Install |
You can manually install updates. When you manually install updates, the installation process starts within a minute. For more information, see Manually Installing Automatic Updates. |
Schedule |
You can configure a specific date and time to manually install selected updates on your Console. Scheduling is useful when you want to schedule the update installation during off-peak hours. For more information, see Scheduling an Update. |
Unschedule |
You can remove preconfigured schedules for manually installing updates on your Console. For more information, see Scheduling an Update. |
Search By Name |
You can locate a specific update by name. |
Next Refresh |
This counter displays the amount of time until the next automatic refresh. The list of updates on the Check for Updates page automatically refreshes every 60 seconds. The timer is automatically paused when you select one or more updates. |
Pause |
Pauses the automatic refresh process. To resume automatic refresh, click Play. |
Refresh |
Refreshes the list of updates. |
On the navigation menu (), click Admin.
In the System Configuration section, click Auto Update.
To view details on an update, select the update.
Configuring Automatic Update Settings
You customize the automatic update settings to change the frequency, update type, server configuration, and backup settings.
You can select the Auto Deploy to automatically deploy updates. If Auto Deploy is not selected, then you must manually deploy changes, from the Dashboard tab, after updates are installed.
In high-availability (HA) environment, automatic updates aren't installed when a secondary host is active. The updates are installed only after the primary host become the active node.
You can select Auto Restart Service to allow automatic updates that require the user interface to restart. A user interface disruption occurs when the service restarts. Alternatively, you can manually install the updated from the Check for Updates window.
On the navigation menu (), click Admin.
In the System Configuration section, click Auto Update.
Click Change Settings.
On the Basic tab, select the schedule for updates.
In the Configuration Updates section, select the method that you want to use for updating your configuration files.
To merge your existing configuration files with the server updates without affecting your custom signatures, custom entries, and remote network configurations, select Auto Integrate.
To override your customizations with server settings, select Auto Update.
In the DSM, Scanner, Protocol Updates section, select an option to install updates.
In the Major Updates section, select an option for receiving major updates for new releases.
In the Minor Updates section, select an option for receiving patches for minor system issues.
If you want to deploy update changes automatically after updates are installed, select the Auto Deploy check box.
If you want to restart the user interface service automatically after updates are installed, select the Auto Restart Service check box.
Click the Advanced tab to configure the update server and backup settings.
-
In Web Server field, type the web server from which you want to obtain the updates.
The default web server is https://download.juniper.net/ .
-
In the Directory field, type the directory location on which the web server stores the updates.
The default directory is software/strm/autoupdate/.
Optional: Configure the settings for proxy server.
If the application server uses a proxy server to connect to the Internet, you must configure the proxy server. If you are using an authenticated proxy, you must provide the username and password for the proxy server.
In the Backup Retention Period list, type or select the number of days that you want to store files that are replaced during the update process.
The files are stored in the location that is specified in the Backup Location. The minimum is one day and the maximum is 65535 years.
In the Backup Location field, type the location where you want to store backup files.
In the Download Path field, type the directory path location to which you want to store DSM, minor, and major updates.
The default directory path is /store/configservices/staging/updates.
-
Configuring Updates Behind a Proxy Server That Uses SSL or TLS Interception
To configure JSA updates behind a proxy server, add your proxy server's CA certificate to the ca-bundle.crt file.
Create a backup copy of the ca-bundle.crt file in JSA. For example, use the copy command to create a .bak file: cp /etc/ssl/certs/ca-bundle.crt{,bak}.
Get the root CA certificate from your proxy server. For more information, see the proxy server documentation.
Note:You must use only the root CA certificate from your proxy server.
Add the CA certificate to the ca-bundle.crt file by typing the following command as one line:
cp proxycert.pem/etc/pki/ca-trust/source/anchors
Extract the certificate by typing the following command:
update-ca-trust extract
Type the following command to run the auto update:
/opt/qradar/bin/UpdateConfs.pl -ds runnow 1
Verify that auto updates work by tailing the log in /var/log/autoupdates/.
Scheduling an Update
Automatic updates occur on a recurring schedule according to the settings on the Update Configuration page. You can also schedule an update or a set of updates to run at a specific time.
To reduce performance impacts on your system, schedule a large update to run during off-peak hours.
For detailed information on each update, you can select the update. A description and any error messages are displayed in the right pane of the window.
On the navigation menu (), click Admin.
In the System Configuration section, click Auto Update.
Optional: If you want to schedule specific updates, select the updates that you want to schedule.
From the Schedule list box, select the type of update you want to schedule.
Using the calendar, select the start date and time of when you want to start your scheduled updates.
Clearing Scheduled Updates
You can cancel any scheduled update.
Scheduled updates display a status of Scheduled in the Status field. After the schedule is cleared, the status of the update displays as New.
On the navigation menu (), click Admin.
In the System Configuration section, click Auto Update.
Click Check for Updates.
If you want to clear specific scheduled updates, select the updates that you want to clear.
From the Unschedule list box, select the type of scheduled update that you want to clear.
Checking for New Updates
Juniper Networks provides updates on a regular basis. By default, the Auto Update feature is scheduled to automatically download and install updates. If you require an update at a time other than the preconfigured schedule, you can download new updates.
On the navigation menu (), click Admin.
In the System Configuration section, click Auto Update.
Click Check for Updates.
Click Get new updates.
Manually Installing Automatic Updates
Juniper Networks provides updates regularly. By default, updates are automatically downloaded and installed on your system. However, you can install an update at a time other than the preconfigured schedule.
The system retrieves the new updates from https://download.juniper.net/. This might take an extended period. When complete, new updates are listed on the Updates window.
On the navigation menu (), click Admin.
In the System Configuration section, click Auto Update.
Click Check for Updates.
Optional: If you want to install specific updates, select the updates that you want to schedule.
From the Install list box, select the type of update you want to install.
Viewing Your Update History
After an update was successfully installed or failed to install, the update is displayed on the View Update History page.
On the navigation menu (), click Admin.
In the System Configuration section, click Auto Update.
Click View Update History.
Optional: Using the Search by Name field, you can type a keyword and then press Enter to locate a specific update by name.
To investigate a specific update, select the update.
A description of the update and any installation error messages are displayed in the right pane of the View Update History page.
Restoring Hidden Updates
You can remove updates from the Check for Updates page. You can view and restore the hidden updates on the Restore Hidden Updates page.
On the navigation menu (), click Admin.
In the System Configuration section, click Auto Update.
Click Restore Hidden Updates.
Optional: To locate an update by name, type a keyword in the Search by Name text box and press Enter.
Select the hidden update that you want to restore.
Click Restore.
Viewing the Autoupdate Log
The autoupdate log contains the most recent automatic update that was run on your system.
On the navigation menu (), click Admin.
In the System Configuration section, click Auto Update.
On the navigation menu, click View Log.