Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow What's New for Administrators
- What's New for Administrators
- New Features and Enhancements in JSA 7.4.2
- New Features and Enhancements in JSA 7.4.1
- New Features and Enhancements in JSA 7.4.0
play_arrow Overview of JSA Administration
- JSA Administration
- Capabilities in Your JSA Product
- Supported Web Browsers
play_arrow User Management
- User Management
- User Roles
- Security Profiles
- User Accounts
- User Authentication
- LDAP Authentication
- SAML Single Sign-on Authentication
play_arrow License Management
- License Management
- Event and Flow Processing Capacity
- Burst Handling
- Uploading a License Key
- Allocating a License Key to a Host
- Distributing Event and Flow Capacity
- Viewing License Details
- Deleting Expired Licenses
- Exporting License Information
play_arrow System Management
- System Management
- System Health Information
- JSA Component Types
- Data Nodes
- Network Interface Management
- JSA System Time
- NAT-Enabled Networks
- Off-site Hosts Management
- Managed Hosts
- Configuration Changes in your JSA Environment
- Deploying Changes
- Restarting the Event Collection Service
- Shutting Down a System
- Restarting a System
- Collecting Log Files
- Changing the Root Password on Your JSA Console
- Resetting SIM
play_arrow JSA Set Up Tasks
- JSA Set Up Tasks
- Network Hierarchy
- Automatic Updates
- Manual Updates
- Configuring System settings
- IF-MAP Server Certificates
- SSL Certificates
- IPv6 Addressing in JSA Deployments
- Advanced Iptables Rules Examples
- Data Retention
- System Notifications
- Custom Offense Close Reasons
- Configuring a Custom Asset Property
- Index Management
- Restrictions to Prevent Resource-intensive Searches
- App Hosts
- Checking the Integrity Of Event and Flow Logs
- Adding Custom Actions
- Managing Aggregated Data Views
- Accessing a GLOBALVIEW Database
play_arrow Event Data Processing in JSA
- Event Data Processing in JSA
- DSM Editor Overview
- Properties in the DSM Editor
- Property Configuration in the DSM Editor
- Opening the DSM Editor
- Configuring a Log Source Type
- Configuring Property Autodetection for Log Source Types
- Configuring Log Source Autodetection for Log Source Types
- Configuring DSM Parameters for Log Source Types
- Custom Log Source Types
- Custom Property Definitions in the DSM Editor
- Event Mapping
- Exporting Contents from the DSM Editor
play_arrow Using Reference Data in JSA
- Using Reference Data in JSA
- Types Of Reference Data Collections
- Reference Sets Overview
- Creating Reference Data Collections by Using the Command Line
- Creating Reference Data Collections with the APIs
- Examples for Using Reference Data Collections
play_arrow User Information Source Configuration
- User Information Source Configuration
- User Information Source Overview
- Configuring the Tivoli Directory Integrator Server
- Creating and Managing User Information Source
- Collecting User Information
play_arrow Juniper Networks X-Force Integration
- Juniper Networks X-Force Integration
- Enabling the X-Force Threat Intelligence Feed
- Updating X-Force Data in a Proxy Server
- Preventing X-Force Data from Downloading Locally
- IBM QRadar Security Threat Monitoring Content Extension
- Juniper X-Force Exchange Plug-in for JSA
play_arrow Managing Authorized Services
- Managing Authorized Services
- Viewing Authorized Services
- Adding an Authorized Service
- Revoking Authorized Services
play_arrow Backup and Recovery
- Backup and Recovery
- Backup JSA Configurations and Data
- Manage Existing Backup Archives
- Restore JSA Configurations and Data
- Backup and Restore Applications
- Data Redundancy and Recovery in JSA Deployments
- Backup and Restore the QRadar Analyst Workflow
play_arrow Flow Sources Management
- Flow Sources
- Types of Flow Sources
- Adding or Editing a Flow Source
- Enabling and Disabling a Flow Source
- Deleting a Flow Source
- Flow Source Aliases Management
- Correcting Flow Time Stamps
play_arrow Remote Networks and Services Configuration
- Remote Networks and Services Configuration
- Default Remote Network Groups
- Default Remote Service Groups
- Guidelines for Network Resources
- Managing Remote Networks Objects
- Managing Remote Services Objects
- QID Map Overview
play_arrow Server Discovery
- Server Discovery
- Discovering Servers
play_arrow Domain Segmentation
- Domain Segmentation
- Overlapping IP Addresses
- Domain Definition and Tagging
- Creating Domains
- Creating Domains for VLAN Flows
- Domain Privileges That Are Derived from Security Profiles
- Domain-specific Rules and Offenses
- Example: Domain Privilege Assignments Based on Custom Properties
play_arrow Multitenant Management
- Multitenant Management
- User Roles in a Multitenant Environment
- Domains and Log Sources in Multitenant Environments
- Provisioning a New Tenant
- Monitoring License Usage in Multitenant Deployments
- Rules Management in Multitenant Deployments
- Network Hierarchy Updates in a Multitenant Deployment
- Retention Policies for Tenants
play_arrow Asset Management
- Asset Management
- Sources Of Asset Data
- Incoming Asset Data Workflow
- Updates to Asset Data
- Identification Of Asset Growth Deviations
- Prevention Of Asset Growth Deviations
- Clean Up Asset Data After Growth Deviations
play_arrow Configuring JSA to Forward Data to Other Systems
- Forward Data to Other Systems
- Adding Forwarding Destinations
- Configuring Forwarding Profiles
- Configuring Routing Rules to Forward Data
- Using Custom Rules and Rule Responses to Forward Data
- Configuring Routing Rules to Use the JSA Data Store
- Viewing Forwarding Destinations
- Viewing and Managing Forwarding Destinations
- Viewing and Managing Routing Rules
play_arrow Event Store and Forward
- Event Store and Forward
- Store and Forward Overview
- Viewing the Store and Forward Schedule List
- Creating a Store and Forward Schedule
- Editing a Store and Forward Schedule
- Deleting a Store and Forward Schedule
play_arrow Security Content
- Security Content
- Types Of Security Content
- Methods Of Importing and Exporting Content
- Content Type Identifiers for Exporting Custom Content
- Content Management Script Parameters
play_arrow SNMP Trap Configuration
- SNMP Trap Configuration
- Adding a Custom SNMP Trap to JSA
- Sending SNMP Traps to a Specific Host
play_arrow Protect Sensitive Data
- Sensitive Data Protection
- How Does Data Obfuscation Work?
- Data Obfuscation Profiles
- Data Obfuscation Expressions
- Scenario: Obfuscating User Names
play_arrow Log Files
- Log Files
- Audit Logs
play_arrow Event Categories
- Event Categories
- High-level Event Categories
- Recon
- DoS
- Authentication
- Access
- Exploit
- Malware
- Suspicious Activity
- System
- Policy
- Unknown
- CRE
- Potential Exploit
- Flow
- User Defined
- SIM Audit
- VIS Host Discovery
- Application
- Audit
- Risk
- Risk Manager Audit
- Control
- Asset Profiler
- Sense
play_arrow Common Ports and Servers Used by JSA
- Common Ports and Servers Used by JSA
- JSA Port Usage
- Viewing IMQ Port Associations
- Searching for Ports in Use by JSA
- JSA Public Servers
- Docker Containers and Network Interfaces
play_arrow RESTful API
- RESTful API
- Accessing the Interactive API Documentation Page

list Table of Contents

English

keyboard_arrow_right

Server Discovery

date_range 27-Mar-21

arrow_backward

arrow_forward

The Server Discovery function uses the Asset Profile database to discover different server types that are based on port definitions. Then, you can select the servers to add to a server-type building block for rules.

The Server Discovery function is based on server-type building blocks. Ports are used to define the server type. Thus, the server-type building block works as a port-based filter when you search the Asset Profile database.

For more information about building blocks, see the Juniper Secure Analytics Users Guide.

Use the Server Discovery function with JSA Vulnerability Manager to create exception rules for benign vulnerabilities. Reduce the number of vulnerabilities that you see for the following Server Types:

Table 1: Server Type Vulnerabilities
Server Type	Vulnerability
FTP Servers	FTP Server Present
DNS Servers	DNS Server is Running
Mail Servers	SMTP Server Detected
Web Servers	Web Service is Running

For more information about false positive vulnerabilities, see the Juniper Secure Analytics Vulnerability Manager User Guide.

arrow_backward PREVIOUS QID Map Overview

NEXT arrow_forward Discovering Servers

footer-navigation