- play_arrow What's New for JSA Users
- play_arrow Capabilities in your JSA product
- play_arrow Dashboard Management
- Dashboard Management
- Default Dashboards
- Custom Dashboards
- Creating a Custom Dashboard
- Using the Dashboard to Investigate Log or Network Activity
- Configuring Dashboard Chart Types
- Removing Dashboard Items
- Detaching a Dashboard Item
- Renaming a Dashboard
- Deleting a Dashboard
- Managing System Notifications
- Adding Search-based Dashboard Items to the Add Items List
- play_arrow QRadar Analyst Workflow
- play_arrow Offense Management
- play_arrow Log Activity Investigation
- play_arrow Network Activity Monitoring
- play_arrow Chart Management
- play_arrow Event and Flow Searches
- play_arrow Custom Event and Flow Properties
- play_arrow Rules
- play_arrow Historical Correlation
- play_arrow Juniper Networks X-Force Integration
- play_arrow Report Management
Sources Of Asset Data
Asset data is received from several different sources in your JSA deployment.
Asset data is written to the asset database incrementally, usually 2 or 3 pieces of data at a time. With exception of updates from network vulnerability scanners, each asset update contains information about only one asset at a time.
Asset data usually comes from one of the following asset data sources:
Events--Event payloads, such as those created by DHCP or authentication servers, often contain user logins, IP addresses, host names, MAC addresses, and other asset information. This data is immediately provided to the asset database to help determine which asset the asset update applies to.
Events are the primary cause for asset growth deviations.
Flows--Flow payloads contain communication information such as IP address, port, and protocol that is collected over regular, configurable intervals. At the end of each interval, the data is provided to the asset database, one IP address at a time.
Because asset data from flows is paired with an asset based on a single identifier, the IP address, flow data is never the cause of asset growth deviations.
Note:Asset generation from IPv6 flows is not supported.
Vulnerability scanners--JSA integrates with both Juniper Networks and third-party vulnerability scanners that can provide asset data such as operating system, installed software, and patch information. The type of data varies from scanner to scanner and can vary from scan to scan. As new assets, port information, and vulnerabilities are discovered, data is brought into the asset profile based on the CIDR ranges that are defined in the scan.
It is possible for scanners to introduce asset growth deviations but it is rare.
User interface--Users who have the Assets role can import or provide asset information directly to the asset database. Asset updates that are provided directly by a user are for a specific asset. Therefore the asset reconciliation stage is bypassed.
Asset updates that are provided by users do not introduce asset growth deviations.
Domain-aware Asset Data
When an asset data source is configured with domain information, all asset data that comes from that data source is automatically tagged with the same domain. Because the data in the asset model is domain-aware, the domain information is applied to all JSA components, including identities, offenses, asset profiles, and server discovery.
When you view the asset profile, some fields might be blank. Blank fields exist when the system did not receive this information in an asset update, or the information exceeded the asset retention period. The default retention period is 120 days. An IP address that appears as 0.0.0.0 indicates that the asset does not contain IP address information.
