Policy Monitor Question Parameters
SUMMARY: You can define test questions to identify risk in network devices or rules on network devices.
Generic and Test-specific Parameters for Policy Monitor Tests
You configure parameters for each Policy Monitor test. Configurable parameters are bolded and underlined. You click a parameter to view the available options for your question.
Policy Monitor tests use two types of parameters: generic and test-specific. Generic parameters provide two or more options to customize a test. Clicking a generic parameter toggles between the available choices. Test-specific parameters require user input. You click a test-specific parameter to specify information.
For example, the asset test that is called "have accepted communication to destination remote network locations" contains two generic parameters and one test-specific parameter. Click the generic parameter "have accepted" to select either "have accepted" or "have rejected". Click the generic parameter "to destination" to select either "to destination" or "from source". Click the test-specific parameter "remote network locations" to add a remote location for the asset test.
Test Questions for Assets
Asset questions are used to identify assets on the network that violate a defined policy or introduce risk into the environment.
Asset test questions are categorized by communication type: actual or possible. Both communication types use contributing and restrictive tests.
Actual communication includes any assets on which communications were detected by using connections. Possible communication questions let you review cases where specific communications are possible on assets, regardless of whether a communication was detected.
A contributing test question is the base test question that defines what type of actual communication you are trying to test.
A restrictive test question restricts the test results from the contributing test to further filter the actual communication for specific violations.
When you use a restrictive test, the direction of the restrictive test can follow the same direction as the contributing test. Restrictive tests that use a mix of inbound and outbound directions can be used in situations where you are trying to locate assets in between two points. For example, a restrictive test can locate assets in between two networks or IP addresses.
Inbound refers to a test that is filtering the connections for which the asset in question is a destination. Outbound refers to a test that is filtering connections for which the asset in question is a source.
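The following sketch is an added illustration, not JSA Risk Manager code. It models the contributing and restrictive tests described above as set operations over connection records, and shows how mixing an inbound contributing test with an outbound restrictive test locates assets between two networks. The function names, record layout, and addresses are assumptions constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed connection records: (source, destination, accepted)
CONNECTIONS = [
    ("192.0.2.10", "10.1.1.5", True),   # remote network -> asset A
    ("10.1.1.5", "10.2.0.20", True),    # asset A -> database network
    ("192.0.2.11", "10.1.1.6", True),   # remote network -> asset B
    ("10.1.1.6", "10.3.0.9", True),     # asset B -> unrelated network
    ("192.0.2.12", "10.1.1.7", False),  # remote network -> asset C (rejected)
    ("10.1.1.7", "10.2.0.21", True),    # asset C -> database network
]


def assets_matching(connections, direction, network, accepted=True):
    """Return assets that have a matching connection with a peer in `network`.

    direction="inbound":  the asset is the destination ("from source").
    direction="outbound": the asset is the source ("to destination").
    accepted models the "have accepted" / "have rejected" generic parameter.
    """
    if direction not in ("inbound", "outbound"):
        raise ValueError("direction must be 'inbound' or 'outbound'")
    net = ip_network(network)
    assets = set()
    for src, dst, was_accepted in connections:
        if was_accepted != accepted:
            continue
        asset, peer = (dst, src) if direction == "inbound" else (src, dst)
        if ip_address(peer) in net:
            assets.add(asset)
    return assets


def run_question(connections, contributing, restrictive=()):
    """The contributing test defines the base result set; every
    restrictive test then narrows that set further."""
    result = assets_matching(connections, **contributing)
    for test in restrictive:
        result &= assets_matching(connections, **test)
    return result


# Contributing: have accepted communication from source 192.0.2.0/24 (inbound).
# Restrictive:  and have accepted communication to destination 10.2.0.0/16
#               (outbound), so only assets between the two networks remain.
FROM_REMOTE = {"direction": "inbound", "network": "192.0.2.0/24"}
TO_DATABASE = {"direction": "outbound", "network": "10.2.0.0/16"}

if __name__ == "__main__":
    print(run_question(CONNECTIONS, FROM_REMOTE))
    print(run_question(CONNECTIONS, FROM_REMOTE, [TO_DATABASE]))
```

Asset C is excluded from the restricted result because its inbound connection from the remote network was rejected, even though it reaches the database network.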
Test Questions for Devices and Rules
Devices and rules questions are used to identify rules in a device that violate a defined policy that can introduce risk into the environment.
For a detailed list of device rule questions, see Device/rules test questions.