- play_arrow What's New for Administrators
- play_arrow Overview of JSA Administration
- play_arrow User Management
- play_arrow License Management
- play_arrow System Management
- System Management
- System Health Information
- JSA Component Types
- Data Nodes
- Network Interface Management
- JSA System Time
- NAT-Enabled Networks
- Off-site Hosts Management
- Managed Hosts
- Configuration Changes in your JSA Environment
- Deploying Changes
- Restarting the Event Collection Service
- Shutting Down a System
- Restarting a System
- Collecting Log Files
- Changing the Root Password on Your JSA Console
- Resetting SIM
- play_arrow JSA Set Up Tasks
- JSA Set Up Tasks
- Network Hierarchy
- Automatic Updates
- Manual Updates
- Configuring System settings
- IF-MAP Server Certificates
- SSL Certificates
- IPv6 Addressing in JSA Deployments
- Advanced Iptables Rules Examples
- Data Retention
- System Notifications
- Custom Offense Close Reasons
- Configuring a Custom Asset Property
- Index Management
- Restrictions to Prevent Resource-intensive Searches
- App Hosts
- Checking the Integrity Of Event and Flow Logs
- Adding Custom Actions
- Managing Aggregated Data Views
- Accessing a GLOBALVIEW Database
- play_arrow Event Data Processing in JSA
- Event Data Processing in JSA
- DSM Editor Overview
- Properties in the DSM Editor
- Property Configuration in the DSM Editor
- Opening the DSM Editor
- Configuring a Log Source Type
- Configuring Property Autodetection for Log Source Types
- Configuring Log Source Autodetection for Log Source Types
- Configuring DSM Parameters for Log Source Types
- Custom Log Source Types
- Custom Property Definitions in the DSM Editor
- Event Mapping
- Exporting Contents from the DSM Editor
- play_arrow Using Reference Data in JSA
- play_arrow User Information Source Configuration
- play_arrow Juniper Networks X-Force Integration
- play_arrow Managing Authorized Services
- play_arrow Backup and Recovery
- play_arrow Flow Sources Management
- play_arrow Remote Networks and Services Configuration
- play_arrow Server Discovery
- play_arrow Domain Segmentation
- play_arrow Multitenant Management
- Multitenant Management
- User Roles in a Multitenant Environment
- Domains and Log Sources in Multitenant Environments
- Provisioning a New Tenant
- Monitoring License Usage in Multitenant Deployments
- Rules Management in Multitenant Deployments
- Network Hierarchy Updates in a Multitenant Deployment
- Retention Policies for Tenants
- play_arrow Asset Management
- play_arrow Configuring JSA to Forward Data to Other Systems
- Forward Data to Other Systems
- Adding Forwarding Destinations
- Configuring Forwarding Profiles
- Configuring Routing Rules to Forward Data
- Using Custom Rules and Rule Responses to Forward Data
- Configuring Routing Rules to Use the JSA Data Store
- Viewing Forwarding Destinations
- Viewing and Managing Forwarding Destinations
- Viewing and Managing Routing Rules
- play_arrow Event Store and Forward
- play_arrow Security Content
- play_arrow SNMP Trap Configuration
- play_arrow Protect Sensitive Data
- play_arrow Log Files
- play_arrow Common Ports and Servers Used by JSA
- play_arrow RESTful API
High-level Event Categories
Events in JSA log sources are grouped into high-level categories. Each event is assigned to a specific high-level category.
Categorizing the incoming events ensures that you can easily search the data.
The following table describes the high-level event categories.
Category | Category ID | Description |
|---|---|---|
1000 | Events that are related to scanning and other techniques that are used to identify network resources, for example, network or host port scans. | |
2000 | Events that are related to denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks against services or hosts, for example, brute force network DoS attacks. | |
3000 | Events that are related to authentication controls, group, or privilege change, for example, log in or log out. | |
4000 | Events resulting from an attempt to access network resources, for example, firewall accept or deny. | |
5000 | Events that are related to application exploits and buffer overflow attempts, for example, buffer overflow or web application exploits. | |
6000 | Events that are related to viruses, trojans, back door attacks, or other forms of hostile software. Malware events might include a virus, trojan, malicious software, or spyware. | |
7000 | The nature of the threat is unknown but behavior is suspicious. The threat might include protocol anomalies that potentially indicate evasive techniques, for example, packet fragmentation or known intrusion detection system (IDS) evasion techniques. | |
8000 | Events that are related to system changes, software installation, or status messages. | |
9000 | Events regarding corporate policy violations or misuse. | |
10000 | Events that are related to unknown activity on your system. | |
12000 | Events that are generated from an offense or event rule. | |
13000 | Events relate to potential application exploits and buffer overflow attempts. | |
14000 | Events that are related to flow actions. | |
15000 | Events that are related to user-defined objects. | |
16000 | Events that are related to user interaction with the Console and administrative functions. | |
17000 | Events that are related to the host, ports, or vulnerabilities that the VIS component discovers. | |
18000 | Events that are related to application activity. | |
19000 | Events that are related to audit activity. | |
20000 | Events that are related to risk activity in JSA Risk Manager. | |
21000 | Events that are related to audit activity in JSA Risk Manager. | |
22000 | Events that are related to your hardware system. | |
23000 | Events that are related to asset profiles. | |
24000 | Events that are related to UBA. |
