Network Connections Overview
Summary: A connection is a recording of a communication, including denied communications, between two unique IP addresses to a specific destination port, as detected over a specific time interval.
If two IP addresses communicate on a port many times within a specific time interval, only one communication is recorded. The total number of bytes that are communicated and the number of flows are included in the connection information. The connection information is stored in the database for each time interval.
Bidirectional Flow Traffic
Connection data from unidirectional flows is not recorded. Connections from bidirectional flow traffic that comes from a flow source, and from firewall or router deny events, are recorded in these situations:
- The destination is remote, which means that it is outside of your network hierarchy. The connection is local to remote, not remote to remote.
- The destination is local, which means that it is inside your network hierarchy. The destination IP address and port that are contained in the flow record are in the asset database and the destination port is open.
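The recording conditions and per-interval aggregation described above can be modeled as follows. This is an added illustration, not JSA code: the 60-second interval, the network hierarchy, the asset database contents, the record layout, and the `denied` flag are all assumptions.

```python
from collections import defaultdict, namedtuple
from ipaddress import ip_address, ip_network

# All values below are assumptions for illustration, not JSA settings or schema.
INTERVAL = 60                                   # seconds per time interval
NETWORK_HIERARCHY = [ip_network("10.0.0.0/8")]  # what counts as "local"
OPEN_ASSET_PORTS = {("10.0.0.5", 443)}          # (ip, port) open in the asset database

Rec = namedtuple("Rec", "ts kind bidirectional src dst dport nbytes")

def is_local(ip):
    return any(ip_address(ip) in net for net in NETWORK_HIERARCHY)

def is_recordable(rec):
    """Apply the recording conditions to one flow record or deny event."""
    if rec.kind == "flow" and not rec.bidirectional:
        return False                      # unidirectional flows are not recorded
    if not is_local(rec.dst):
        return is_local(rec.src)          # local to remote only, not remote to remote
    return (rec.dst, rec.dport) in OPEN_ASSET_PORTS  # local destination, known open port

def build_connections(records):
    """Collapse records into one connection per (interval, src, dst, dport)."""
    conns = defaultdict(lambda: {"bytes": 0, "flows": 0, "denied": False})
    for rec in filter(is_recordable, records):
        start = rec.ts // INTERVAL * INTERVAL
        conn = conns[(start, rec.src, rec.dst, rec.dport)]
        conn["bytes"] += rec.nbytes
        if rec.kind == "flow":
            conn["flows"] += 1
        else:
            conn["denied"] = True         # assumption: deny events flag the connection
    return dict(conns)

# Constructed sample input (documentation address ranges stand in for remote hosts).
SAMPLE = [
    Rec(5, "flow", True, "10.0.0.7", "10.0.0.5", 443, 1200),
    Rec(40, "flow", True, "10.0.0.7", "10.0.0.5", 443, 800),       # same interval, merged
    Rec(70, "flow", True, "10.0.0.7", "10.0.0.5", 443, 100),       # next interval
    Rec(10, "flow", False, "10.0.0.7", "10.0.0.5", 443, 50),       # unidirectional
    Rec(12, "flow", True, "10.0.0.7", "10.0.0.5", 8080, 10),       # port not known open
    Rec(15, "deny", False, "10.0.0.7", "203.0.113.9", 22, 0),      # local to remote deny
    Rec(20, "flow", True, "198.51.100.1", "203.0.113.9", 80, 10),  # remote to remote
]

if __name__ == "__main__":
    for key, conn in sorted(build_connections(SAMPLE).items()):
        print(key, conn)
```

Seven input records produce three connections: the two flows in the first interval merge into one record with summed bytes, and the unidirectional, unknown-port, and remote-to-remote records are dropped.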
Investigating Network Connections
You can monitor and investigate network device connections or do advanced searches. Complete the following tasks on the Connections page.
- Search connections.
- Search a subset of connections.
- Mark search results as false positives to prevent false positive events from creating offenses.
- View connection information grouped by various options.
- Export connections in XML or CSV format.
- Use the interactive graph to view connections in your network.