Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow What's New for Administrators
- What's New for Administrators
- New Features and Enhancements in JSA 7.4.2
- New Features and Enhancements in JSA 7.4.1
- New Features and Enhancements in JSA 7.4.0
play_arrow Overview of JSA Administration
- JSA Administration
- Capabilities in Your JSA Product
- Supported Web Browsers
play_arrow User Management
- User Management
- User Roles
- Security Profiles
- User Accounts
- User Authentication
- LDAP Authentication
- SAML Single Sign-on Authentication
play_arrow License Management
- License Management
- Event and Flow Processing Capacity
- Burst Handling
- Uploading a License Key
- Allocating a License Key to a Host
- Distributing Event and Flow Capacity
- Viewing License Details
- Deleting Expired Licenses
- Exporting License Information
play_arrow System Management
- System Management
- System Health Information
- JSA Component Types
- Data Nodes
- Network Interface Management
- JSA System Time
- NAT-Enabled Networks
- Off-site Hosts Management
- Managed Hosts
- Configuration Changes in your JSA Environment
- Deploying Changes
- Restarting the Event Collection Service
- Shutting Down a System
- Restarting a System
- Collecting Log Files
- Changing the Root Password on Your JSA Console
- Resetting SIM
play_arrow JSA Set Up Tasks
- JSA Set Up Tasks
- Network Hierarchy
- Automatic Updates
- Manual Updates
- Configuring System settings
- IF-MAP Server Certificates
- SSL Certificates
- IPv6 Addressing in JSA Deployments
- Advanced Iptables Rules Examples
- Data Retention
- System Notifications
- Custom Offense Close Reasons
- Configuring a Custom Asset Property
- Index Management
- Restrictions to Prevent Resource-intensive Searches
- App Hosts
- Checking the Integrity Of Event and Flow Logs
- Adding Custom Actions
- Managing Aggregated Data Views
- Accessing a GLOBALVIEW Database
play_arrow Event Data Processing in JSA
- Event Data Processing in JSA
- DSM Editor Overview
- Properties in the DSM Editor
- Property Configuration in the DSM Editor
- Opening the DSM Editor
- Configuring a Log Source Type
- Configuring Property Autodetection for Log Source Types
- Configuring Log Source Autodetection for Log Source Types
- Configuring DSM Parameters for Log Source Types
- Custom Log Source Types
- Custom Property Definitions in the DSM Editor
- Event Mapping
- Exporting Contents from the DSM Editor
play_arrow Using Reference Data in JSA
- Using Reference Data in JSA
- Types Of Reference Data Collections
- Reference Sets Overview
- Creating Reference Data Collections by Using the Command Line
- Creating Reference Data Collections with the APIs
- Examples for Using Reference Data Collections
play_arrow User Information Source Configuration
- User Information Source Configuration
- User Information Source Overview
- Configuring the Tivoli Directory Integrator Server
- Creating and Managing User Information Source
- Collecting User Information
play_arrow Juniper Networks X-Force Integration
- Juniper Networks X-Force Integration
- Enabling the X-Force Threat Intelligence Feed
- Updating X-Force Data in a Proxy Server
- Preventing X-Force Data from Downloading Locally
- IBM QRadar Security Threat Monitoring Content Extension
- Juniper X-Force Exchange Plug-in for JSA
play_arrow Managing Authorized Services
- Managing Authorized Services
- Viewing Authorized Services
- Adding an Authorized Service
- Revoking Authorized Services
play_arrow Backup and Recovery
- Backup and Recovery
- Backup JSA Configurations and Data
- Manage Existing Backup Archives
- Restore JSA Configurations and Data
- Backup and Restore Applications
- Data Redundancy and Recovery in JSA Deployments
- Backup and Restore the QRadar Analyst Workflow
play_arrow Flow Sources Management
- Flow Sources
- Types of Flow Sources
- Adding or Editing a Flow Source
- Enabling and Disabling a Flow Source
- Deleting a Flow Source
- Flow Source Aliases Management
- Correcting Flow Time Stamps
play_arrow Remote Networks and Services Configuration
- Remote Networks and Services Configuration
- Default Remote Network Groups
- Default Remote Service Groups
- Guidelines for Network Resources
- Managing Remote Networks Objects
- Managing Remote Services Objects
- QID Map Overview
play_arrow Server Discovery
- Server Discovery
- Discovering Servers
play_arrow Domain Segmentation
- Domain Segmentation
- Overlapping IP Addresses
- Domain Definition and Tagging
- Creating Domains
- Creating Domains for VLAN Flows
- Domain Privileges That Are Derived from Security Profiles
- Domain-specific Rules and Offenses
- Example: Domain Privilege Assignments Based on Custom Properties
play_arrow Multitenant Management
- Multitenant Management
- User Roles in a Multitenant Environment
- Domains and Log Sources in Multitenant Environments
- Provisioning a New Tenant
- Monitoring License Usage in Multitenant Deployments
- Rules Management in Multitenant Deployments
- Network Hierarchy Updates in a Multitenant Deployment
- Retention Policies for Tenants
play_arrow Asset Management
- Asset Management
- Sources Of Asset Data
- Incoming Asset Data Workflow
- Updates to Asset Data
- Identification Of Asset Growth Deviations
- Prevention Of Asset Growth Deviations
- Clean Up Asset Data After Growth Deviations
play_arrow Configuring JSA to Forward Data to Other Systems
- Forward Data to Other Systems
- Adding Forwarding Destinations
- Configuring Forwarding Profiles
- Configuring Routing Rules to Forward Data
- Using Custom Rules and Rule Responses to Forward Data
- Configuring Routing Rules to Use the JSA Data Store
- Viewing Forwarding Destinations
- Viewing and Managing Forwarding Destinations
- Viewing and Managing Routing Rules
play_arrow Event Store and Forward
- Event Store and Forward
- Store and Forward Overview
- Viewing the Store and Forward Schedule List
- Creating a Store and Forward Schedule
- Editing a Store and Forward Schedule
- Deleting a Store and Forward Schedule
play_arrow Security Content
- Security Content
- Types Of Security Content
- Methods Of Importing and Exporting Content
- Content Type Identifiers for Exporting Custom Content
- Content Management Script Parameters
play_arrow SNMP Trap Configuration
- SNMP Trap Configuration
- Adding a Custom SNMP Trap to JSA
- Sending SNMP Traps to a Specific Host
play_arrow Protect Sensitive Data
- Sensitive Data Protection
- How Does Data Obfuscation Work?
- Data Obfuscation Profiles
- Data Obfuscation Expressions
- Scenario: Obfuscating User Names
play_arrow Log Files
- Log Files
- Audit Logs
play_arrow Event Categories
- Event Categories
- High-level Event Categories
- Recon
- DoS
- Authentication
- Access
- Exploit
- Malware
- Suspicious Activity
- System
- Policy
- Unknown
- CRE
- Potential Exploit
- Flow
- User Defined
- SIM Audit
- VIS Host Discovery
- Application
- Audit
- Risk
- Risk Manager Audit
- Control
- Asset Profiler
- Sense
play_arrow Common Ports and Servers Used by JSA
- Common Ports and Servers Used by JSA
- JSA Port Usage
- Viewing IMQ Port Associations
- Searching for Ports in Use by JSA
- JSA Public Servers
- Docker Containers and Network Interfaces
play_arrow RESTful API
- RESTful API
- Accessing the Interactive API Documentation Page

list Table of Contents

English

keyboard_arrow_right

Risk

date_range 27-Mar-21

arrow_backward

arrow_forward

The risk category contains events that are related to JSA Risk Manager.

The following table describes the low-level event categories and associated severity levels for the risk category.

Table 1: Low-level Categories and Severity Levels for the Risk Category
Low-level event category	Category ID	Description	Severity level (0 - 10)
Policy Exposure	20001	Indicates that a policy exposure was detected.	5
Compliance Violation	20002	Indicates that a compliance violation was detected.	5
Exposed Vulnerability	20003	Indicates that the network or device has an exposed vulnerability.	9
Remote Access Vulnerability	20004	Indicates that the network or device has a remote access vulnerability.	9
Local Access Vulnerability	20005	Indicates that the network or device has local access vulnerability.	7
Open Wireless Access	20006	Indicates that the network or device has open wireless access.	5
Weak Encryption	20007	Indicates that the host or device has weak encryption.	5
Un-Encrypted Data Transfer	20008	Indicates that a host or device is transmitting data that is not encrypted.	3
Un-Encrypted Data Store	20009	Indicates that the data store is not encrypted.	3
Mis-Configured Rule	20010	Indicates that a rule is not configured properly.	3
Mis-Configured Device	20011	Indicates that a device on the network is not configured properly.	3
Mis-Configured Host	20012	Indicates that a network host is not configured properly.	3
Data Loss Possible	20013	Indicates that the possibility of data loss was detected.	5
Weak Authentication	20014	Indicates that a host or device is susceptible to fraud.	5
No Password	20015	Indicates that no password exists.	7
Fraud	20016	Indicates that a host or device is susceptible to fraud.	7
Possible DoS Target	20017	Indicates a host or device is a possible DoS target.	3
Possible DoS Weakness	20018	Indicates a host or device has a possible DoS weakness.	3
Loss of Confidentiality	20019	Indicates that a loss of confidentially was detected.	5
Policy Monitor Risk Score Accumulation	20020	Indicates that a policy monitor risk score accumulation was detected.	1

arrow_backward PREVIOUS Audit

NEXT arrow_forward Risk Manager Audit

footer-navigation