Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Juniper X-Force Exchange Plug-in for JSA

The Juniper X-Force Exchange (XFE) is a sharing platform for threat intelligence that is used by security analysts, network security specialists, and security operations center teams.

The X-Force Exchange (XFE) plug-in provides the option to search the information on the X-Force Exchange website for IP addresses, URLs, CVEs, and web applications that are found in JSA.

For example, you can right-click a URL from a JSA event to see what data the X-Force Exchange contains about the URL.

You can also use the right-click lookup option to submit IP addresses or URL data from JSA searches, offenses, and rules to a public or private collection. The collection stores the information in one place as you use the data for more research.

Collections also contain a section that serves as a wiki-style notepad, where you can add comments or any free text that is relevant. You can use the collection to save X-Force reports, text comments, or any other content. An X-Force report has both a version of the report from the time that it was saved and a link to the current version of the report.

Juniper X-Force Exchange Right-click Plug-in Installation

Install the X-Force Exchange plug-in on your JSA Console so that you have right-click functionality to access data in X-Force Exchange.

This procedure requires a web server restart from the Admin tab to load the plug-in after the RPM is installed. Restarting the web server logs out all JSA users, so it is advised that you install this plug-in during scheduled maintenance.

If your JSA system is version 2014.4 or later, the plug-in is already installed. Administrators can verify that the plug-in is installed by right-clicking on any IP address in JSA, and selecting More Options >Plugin options. If the Juniper X-Force Exchange lookup is displayed, then the plug-in is installed.

  1. Download the X-Force Exchange right-click plug-in from https://ibm.biz/BdX4BW.

    1. Copy the RPM file to the JSA console.

    2. Type the following command to install the plug-in: rpm -Uvh RightClick-XFE-7.2.<version>.x86_64.rpm

  2. Log in to the JSA console as an admin user.

  3. On the navigation menu (), click Admin.

  4. Select Advanced >Restart Web Server.

    After the web server restarts, the X-Force right-click plug-in is enabled for IP addresses in JSA for URL fields in the Log Activity tab.

  5. Log in to the pop-up window for the X-Force Exchange website by using your IBM id, or continue as a guest.

    Guest users are not able to use all features on the X-Force Exchange website.

  6. Close the browser window after the initial login to the Juniper X-Force Exchange website.

Related Documentation