- play_arrow What's New for Administrators
- play_arrow Overview of JSA Administration
- play_arrow User Management
- play_arrow License Management
- play_arrow System Management
- System Management
- System Health Information
- JSA Component Types
- Data Nodes
- Network Interface Management
- JSA System Time
- NAT-Enabled Networks
- Off-site Hosts Management
- Managed Hosts
- Configuration Changes in your JSA Environment
- Deploying Changes
- Restarting the Event Collection Service
- Shutting Down a System
- Restarting a System
- Collecting Log Files
- Changing the Root Password on Your JSA Console
- Resetting SIM
- play_arrow JSA Set Up Tasks
- JSA Set Up Tasks
- Network Hierarchy
- Automatic Updates
- Manual Updates
- Configuring System settings
- IF-MAP Server Certificates
- SSL Certificates
- IPv6 Addressing in JSA Deployments
- Advanced Iptables Rules Examples
- Data Retention
- System Notifications
- Custom Offense Close Reasons
- Configuring a Custom Asset Property
- Index Management
- Restrictions to Prevent Resource-intensive Searches
- App Hosts
- Checking the Integrity Of Event and Flow Logs
- Adding Custom Actions
- Managing Aggregated Data Views
- Accessing a GLOBALVIEW Database
- play_arrow Using Reference Data in JSA
- play_arrow User Information Source Configuration
- play_arrow Juniper Networks X-Force Integration
- play_arrow Managing Authorized Services
- play_arrow Backup and Recovery
- play_arrow Flow Sources Management
- play_arrow Remote Networks and Services Configuration
- play_arrow Server Discovery
- play_arrow Domain Segmentation
- play_arrow Multitenant Management
- Multitenant Management
- User Roles in a Multitenant Environment
- Domains and Log Sources in Multitenant Environments
- Provisioning a New Tenant
- Monitoring License Usage in Multitenant Deployments
- Rules Management in Multitenant Deployments
- Network Hierarchy Updates in a Multitenant Deployment
- Retention Policies for Tenants
- play_arrow Asset Management
- play_arrow Configuring JSA to Forward Data to Other Systems
- Forward Data to Other Systems
- Adding Forwarding Destinations
- Configuring Forwarding Profiles
- Configuring Routing Rules to Forward Data
- Using Custom Rules and Rule Responses to Forward Data
- Configuring Routing Rules to Use the JSA Data Store
- Viewing Forwarding Destinations
- Viewing and Managing Forwarding Destinations
- Viewing and Managing Routing Rules
- play_arrow Event Store and Forward
- play_arrow Security Content
- play_arrow SNMP Trap Configuration
- play_arrow Protect Sensitive Data
- play_arrow Log Files
- play_arrow Event Categories
- play_arrow Common Ports and Servers Used by JSA
- play_arrow RESTful API
Exporting Contents from the DSM Editor
You can use a content management tool script to export custom content that is created in the DSM Editor. Contents can be exported from one JSA deployment and imported into another JSA deployment. You can also export custom content to external media.
The DSM Editor produces the following content types:
Custom content type | String | ID |
|---|---|---|
Custom properties | customproperty | 6 |
Log source type | sensordevicetype | 24 |
Log source extensions | deviceextension | 16 |
Custom QidMap entries | qidmap | 27 |
The contentManagement.pl script is in the /opt/qradar/bin directory
Exporting Contents As a Package
You can use the content management tool script to search for specific content that is created in the DSM Editor. These contents are exported as a package.
Use SSH to log in to JSA as the root user.
To search for specific content items to export, type the following command:
./contentManagement.pl -a search -c [content_type] -r [regex]
For example, to search for the content items of a log source type, type the following command:
/opt/qradar/bin/contentManagement.pl -a search -c 24 -r "<search_name>"
Create a text file that lists the content that you want to export.
Each line must include the custom content type followed by a comma-separated list of unique IDs for that type.
For example, to export three log source types with ID 24, ID 26, and ID 95, all custom properties, create a text file with the following entries:
sensordevicetype, 24,26,95
Export the content items as a package by using the following command:
/opt/qradar/bin/contentManagement.pl -a export -c package -f <source_file>
Exporting Content for Single Custom Property
You can use the content management tool script to export content for each custom property that is created from the Properties tab in the DSM Editor.
When you use the DSM Editor to create custom properties, a customproperty entity is produced for each custom property that is created.
Use SSH to log in to JSA as the root user.
To search for specific content to export, type the following command:
./contentManagement.pl -a search -c [content_type] -r [regex]
For example, to search for the content of a custom property, type the following command:
/opt/qradar/bin/contentManagement.pl -a search -c 6 -r "<name_of_custom_property>"
To export a custom property content, type the following command:
/opt/qradar/bin/contentManagement.pl -a export -c [content_type] -i [content_identifier]
