- play_arrow What's New for Administrators
- play_arrow Overview of JSA Administration
- play_arrow User Management
- play_arrow License Management
- play_arrow System Management
- System Management
- System Health Information
- JSA Component Types
- Data Nodes
- Network Interface Management
- JSA System Time
- NAT-Enabled Networks
- Off-site Hosts Management
- Managed Hosts
- Configuration Changes in your JSA Environment
- Deploying Changes
- Restarting the Event Collection Service
- Shutting Down a System
- Restarting a System
- Collecting Log Files
- Changing the Root Password on Your JSA Console
- Resetting SIM
- play_arrow Event Data Processing in JSA
- Event Data Processing in JSA
- DSM Editor Overview
- Properties in the DSM Editor
- Property Configuration in the DSM Editor
- Opening the DSM Editor
- Configuring a Log Source Type
- Configuring Property Autodetection for Log Source Types
- Configuring Log Source Autodetection for Log Source Types
- Configuring DSM Parameters for Log Source Types
- Custom Log Source Types
- Custom Property Definitions in the DSM Editor
- Event Mapping
- Exporting Contents from the DSM Editor
- play_arrow Using Reference Data in JSA
- play_arrow User Information Source Configuration
- play_arrow Juniper Networks X-Force Integration
- play_arrow Managing Authorized Services
- play_arrow Backup and Recovery
- play_arrow Flow Sources Management
- play_arrow Remote Networks and Services Configuration
- play_arrow Server Discovery
- play_arrow Domain Segmentation
- play_arrow Multitenant Management
- Multitenant Management
- User Roles in a Multitenant Environment
- Domains and Log Sources in Multitenant Environments
- Provisioning a New Tenant
- Monitoring License Usage in Multitenant Deployments
- Rules Management in Multitenant Deployments
- Network Hierarchy Updates in a Multitenant Deployment
- Retention Policies for Tenants
- play_arrow Asset Management
- play_arrow Configuring JSA to Forward Data to Other Systems
- Forward Data to Other Systems
- Adding Forwarding Destinations
- Configuring Forwarding Profiles
- Configuring Routing Rules to Forward Data
- Using Custom Rules and Rule Responses to Forward Data
- Configuring Routing Rules to Use the JSA Data Store
- Viewing Forwarding Destinations
- Viewing and Managing Forwarding Destinations
- Viewing and Managing Routing Rules
- play_arrow Event Store and Forward
- play_arrow Security Content
- play_arrow SNMP Trap Configuration
- play_arrow Protect Sensitive Data
- play_arrow Log Files
- play_arrow Event Categories
- play_arrow Common Ports and Servers Used by JSA
- play_arrow RESTful API
IF-MAP Server Certificates
The Interface For Metadata Access Points (IF-MAP) rule response enables the JSA console to publish alert and offense data that is derived from events, flows, and offenses to an IF-MAP server.
Before you can configure IF-MAP authentication on the System Settings window, you must configure your IF-MAP server certificate.
Configuring IF-MAP Server Certificate for Basic Authentication
This task provides instruction for how to configure your IF-MAP certificate for basic authentication.
Contact your IF-MAP server administrator to obtain a copy of the IF-MAP server public certificate. The certificate must have the .cert file extension.
Using SSH, log in to JSA as the root user.
Copy the certificate to the /opt/qradar/conf/trusted_certificates directory.
Configuring IF-MAP Server Certificate for Mutual Authentication
Mutual authentication requires certificate configuration on your JSA console and on your IF-MAP server.
This task provides steps to configure the certificate on your JSA console. For assistance configuring the certificate on your IF-MAP server, contact your IF-MAP server administrator.
Contact your IF-MAP server administrator to obtain a copy of the IF-MAP server public certificate. The certificate must have the .cert file extension.
Using SSH, log in to JSA as the root user.
Access the certificate to the /opt/qradar/conf/trusted_certificates directory
Copy the SSL intermediate certificate and SSL Verisign root certificate to your IF-MAP server as CA certificates. For assistance, contact your IF-MAP server administrator.
Type the following command to create the Public-Key Cryptography Standards file with the .pkcs12 file extension:
openssl pkcs12 -export -inkey <private_key> -in <certificate> -out <pkcs12_filename.pkcs12> -name "IFMAP Client"
Type the following command to copy the pkcs12 file to the /opt/qradar/conf/key_certificates directory:
cp <pkcs12_filename.pkcs12> /opt/qradar/conf/key_certificates
Create a client on the IF-MAP server with the certificate authentication and upload the SSL certificate. For assistance, contact your IF-MAP server administrator.
Type the following command to change the permissions of the directory:
chmod 755 /opt/qradar/conf/trusted_certificates chmod 644 /opt/qradar/conf/trusted_certificates/*.cert
Type the following command to restart the Tomcat service:
systemctl restart tomcat
