close
keyboard_arrow_left
Table of Contents
- play_arrow Junos Space Security Director
- play_arrow Dashboard
- play_arrow Overview
-
- play_arrow Devices
- play_arrow Security Devices
- Using Features in Security Devices
- Security Devices Overview
- Add Devices to Juniper Security Director Cloud
- Updating Security-Specific Configurations or Services on Devices
- Resynchronizing Managed Devices with the Network in Security Director
- Performing Commit Check
- Logical Systems Overview
- Tenant Systems Overview
- Create a Logical System
- Create a Tenant System
- Uploading Authentication Keys to Devices in Security Director
- Modifying the Configuration of Security Devices
- Modifying the Basic Configuration for Security Devices
- Modifying the Static Routes Configuration for Security Devices
- Modifying the Routing Instances Configuration for Security Devices
- Modifying the Physical Interfaces Configuration for Security Devices
- Modifying the Syslog Configuration for Security Devices
- Modifying the Security Logging Configuration for Security Devices
- Modifying the Link Aggregation for Security Devices
- Modifying the User Management Configuration for Security Devices
- Modifying the Screens Configuration for Security Devices
- Modifying the Zones Configuration for Security Devices
- Modifying the IPS Configuration for Security Devices
- Modifying the SSL Initiation Profile for Security Devices
- Modifying the ICAP Redirect Profile for Security Devices
- Configuring Aruba ClearPass for Security Devices
- Configuring APBR Tunables for Security Devices
- Modifying the Express Path Configuration for Security Devices
- Modifying the Device Information Source Configuration for Security Devices
- Viewing the Active Configuration of a Device in Security Director
- Deleting Devices in Security Director
- Rebooting Devices in Security Director
- Resolving Key Conflicts in Security Director
- Launching a Web User Interface of a Device in Security Director
- Connecting to a Device by Using SSH in Security Director
- Importing Security Policies to Security Director
- Importing Device Changes
- Viewing Device Changes
- Viewing and Exporting Device Inventory Details in Security Director
- Previewing Device Configurations
- Refreshing Device Certificates
- Assigning Security Devices to Domains
- Acknowledging Device SSH Fingerprints in Security Director
- Viewing Security Device Details
- Security Devices Main Page Fields
- play_arrow Device Discovery
- Overview of Device Discovery in Security Director
- Creating Device Discovery Profiles in Security Director
- Editing, Cloning, and Deleting Device Discovery Profiles in Security Director
- Running a Device Discovery Profile in Security Director
- Viewing the Device Discovery Profile Details in Security Director
- Device Discovery Main Page Fields
- play_arrow Secure Fabric
- play_arrow NSX Managers
- Understanding Juniper Connected Security for VMware NSX Integration
- Understanding Juniper Connected Security for VMware NSX-T Integration
- Before You Deploy vSRX in VMware NSX Environment
- Before You Deploy vSRX in VMware NSX-T Environment
- About the NSX Managers Page
- Download the SSH Key File
- Add the NSX Manager
- Registering Security Services
- Editing NSX Managers
- Viewing Service Definitions
- Deleting the NSX Manager
- Delete the NSX-T Manager
- Deploying the vSRX as an Advanced Security Service in a VMware NSX Environment
- Deploy the vSRX as an Advanced Security Service in a VMware NSX-T Environment
- play_arrow vCenter Servers
- play_arrow Licenses
-
- play_arrow Configure
- play_arrow Firewall Policy-Standard Policies
- Firewall Policies Overview
- Policy Ordering Overview
- Creating Firewall Policies
- Firewall Policies Best Practices
- Creating Firewall Policy Rules
- Rule Base Overview
- Firewall Policy Locking Modes
- Rule Operations on Filtered Rules Overview
- Create and Manage Policy Versions
- Assigning Devices to Policies
- Comparing Policies
- Export Policies
- Creating Custom Columns
- Promoting to Group Policy
- Converting Standard Policy to Unified Policy
- Probe Latest Policy Hits
- Disable Firewall Policy Rules Based on Hits Over a Specified Duration
- Viewing and Synchronizing Out-of-Band Firewall Policy Changes Manually
- Importing Policies
- Delete and Replace Policies and Objects
- Unassigning Devices from Policies
- Edit and Clone Policies and Objects
- Publishing Policies
- Showing Duplicate Policies and Objects
- Show and Delete Unused Policies and Objects
- Updating Policies on Devices
- Firewall Policies Main Page Fields
- Firewall Policy Rules Main Page Fields
- play_arrow Firewall Policy-Unified Policies
- play_arrow Firewall Policy-Devices
- play_arrow Firewall Policy-Schedules
- play_arrow Firewall Policy-Profiles
- Understanding Firewall Policy Profiles
- Understanding Captive Portal Support for Unauthenticated Browser Users
- Creating Firewall Policy Profiles
- Edit and Clone Policies and Objects
- Delete and Replace Policies and Objects
- Assigning Policies and Profiles to Domains
- Firewall Policy Profiles Main Page Fields
- play_arrow Firewall Policy-Templates
- play_arrow Firewall Policy-Secure Web Proxy
- play_arrow Firewall Policy-DNS Security & ETI Profile
- play_arrow Firewall Policy-DNS Security & ETI Policy
- play_arrow Firewall Policy-DNS Sinkhole
- play_arrow Firewall Policy-DNS Filter
- play_arrow Environment
- play_arrow Application Firewall Policy-Policies
- play_arrow Application Firewall Policy-Signatures
- play_arrow Application Firewall Policy-Redirect Profiles
- play_arrow SSL Profiles
- play_arrow User Firewall Management-Active Directory
- play_arrow User Firewall Management-Access Profile
- play_arrow User Firewall Management-Address Pools
- play_arrow User Firewall Management-Identity Management
- play_arrow User Firewall Management-End User Profile
- play_arrow IPS Policy-Policies
- Understanding IPS Policies
- Creating IPS Policies
- Creating IPS Policy Rules
- Publishing Policies
- Updating Policies on Devices
- Assigning Devices to Policies
- Create and Manage Policy Versions
- Creating Rule Name Template
- Export Policies
- Unassigning Devices to Policies
- Viewing and Synchronizing Out-of-Band IPS Policy Changes Manually
- Edit and Clone Policies and Objects
- Delete and Replace Policies and Objects
- Assigning Policies and Profiles to Domains
- IPS Policies Main Page Fields
- Configure IPS Policy in a Firewall Policy
- Import a Firewall Policy that Has IPS Policy Configured
- play_arrow IPS Policy-Devices
- play_arrow IPS Policy-Signatures
- play_arrow IPS Policy-Templates
- play_arrow NAT Policy-Policies
- NAT Overview
- NAT Global Address Book Overview
- Creating NAT Policies
- Publishing Policies
- NAT Policy Rules Main Page Field
- Creating NAT Rules
- Updating Policies on Devices
- Edit and Clone Policies and Objects
- Delete and Replace Policies and Objects
- Assigning Policies and Profiles to Domains
- Comparing Policies
- Create and Manage Policy Versions
- Export Policies
- Assigning Devices to Policies
- Unassigning Devices to Policies
- Creating Rule Name Template
- Viewing and Synchronizing Out-of-Band NAT Policy Changes Manually
- Configuring NAT Rule Sets
- Auto Grouping
- NAT Policies Main Page Fields
- play_arrow NAT Policy-Devices
- play_arrow NAT Policy-Pools
- play_arrow NAT Policy-Port Sets
- play_arrow Content Security Policy-Policies
- Content Security Overview
- Creating Content Security Policies
- Comparing Policies
- Delete and Replace Policies and Objects
- Viewing Policy and Shared Object Details
- Assigning Policies and Profiles to Domains
- Showing Duplicate Policies and Objects
- Edit and Clone Policies and Objects
- Show and Delete Unused Policies and Objects
- Content Security Policies Main Page Fields
- play_arrow Content Security Policy-Web Filtering Profiles
- play_arrow Content Security Policy-Category Update
- play_arrow Content Security Policy-Antivirus Profiles
- play_arrow Content Security Policy-Antispam Profiles
- play_arrow Content Security Policy-Content Filtering Profiles
- play_arrow Content Security Policy-Global Device Profiles
- play_arrow Content Security Policy-Default Configuration
- play_arrow Content Security Policy-URL Patterns
- play_arrow Content Security Policy-Custom URL Categories
- play_arrow Application Routing Policies
- Understanding Application-Based Routing
- About the Application Routing Policies Page
- Configuring Advanced Policy-Based Routing Policy
- About the Rules Page (Advanced Policy-Based Routing)
- Creating Advanced Policy-Based Routing Rules
- About the App Based Routing Page
- Edit and Clone Policies and Objects
- Assigning Devices to Policies
- Customizing Profile Names
- Publishing Policies
- Updating Policies on Devices
- play_arrow Threat Prevention - Policies
- play_arrow Threat Prevention - Feed Sources
- About the Feed Sources Page
- Juniper ATP Cloud Realm Overview
- Juniper ATP Cloud Malware Management Overview
- Juniper ATP Cloud Email Management Overview
- File Inspection Profiles Overview
- Juniper ATP Cloud Email Management: SMTP Settings
- Configure IMAP Settings
- Creating Juniper ATP Cloud Realms and Enrolling Devices or Associating Sites
- Modifying Juniper ATP Cloud Realm
- Creating File Inspection Profiles
- Creating Allowlist for Juniper ATP Cloud Email and Malware Management
- Creating Blocklists for Juniper ATP Cloud Email and Malware Management
- Add ATP Appliance Server
- Edit or Delete a ATP Appliance Server
- Custom Feed Sources Overview
- Creating Custom Feeds
- Example: Creating a Dynamic Address Custom Feed and Firewall Policy
- Configuring Settings for Custom Feeds
- play_arrow IPsec VPN-VPNs
- IPsec VPN Overview
- Create a Site-to-Site VPN
- Create a Hub-and-Spoke (Establishment All Peers) VPN
- Create a Hub-and-Spoke (Establishment by Spokes) VPN
- Create a Hub-and-Spoke Auto Discovery VPN
- Create a Full Mesh VPN
- Create a Remote Access VPN—Juniper Secure Connect
- Create a Remote Access VPN—NCP Exclusive Client
- IPsec VPN Global Settings
- Understanding IPsec VPN Modes
- Comparison of Policy-Based VPNs and Route-Based VPNs
- Understanding IPsec VPN Routing
- Understanding IKE Authentication
- Publishing IPsec VPNs
- Updating IPSec VPN
- Modify IPsec VPN Settings
- Viewing Tunnels
- Importing IPsec VPNs
- Deleting IPSec VPN
- IPsec VPN Main Page Fields
- play_arrow IPsec VPN-Extranet Devices
- play_arrow IPsec VPN-Profiles
- play_arrow Insights
- About the Log Parsers Page
- Create a New Log Parser
- Edit and Delete a Log Parser
- About the Log Sources Page
- Add a Log Source
- Edit and Delete a Log Source
- View Log Statistics
- About the Event Scoring Rules Page
- Create an Event Scoring Rule
- Edit and Delete Event Scoring Rules
- About the Incident Scoring Rules Page
- Create an Incident Scoring Rule
- Edit and Delete Incident Scoring Rules
- play_arrow Shared Objects-Geo IP
- play_arrow Shared Objects-Policy Enforcement Groups
- play_arrow Shared Objects-Addresses
- play_arrow Shared Objects-Services
- play_arrow Shared Objects-Variables
- play_arrow Shared Objects-Zone Sets
- Understanding Zone Sets
- Creating Zone Sets
- Edit and Clone Policies and Objects
- Delete and Replace Policies and Objects
- Finding Usages for Policies and Objects
- Show and Delete Unused Policies and Objects
- Showing Duplicate Policies and Objects
- Viewing Policy and Shared Object Details
- Zone Sets Main Page Fields
- play_arrow Shared Objects-Metadata
- play_arrow Change Management-Change Requests
- Change Control Workflow Overview
- Creating a Firewall or NAT Policy Change Request
- About the Changes Submitted Page
- Approving and Updating Changes Submitted
- Creating and Updating a Firewall Policy Using Change Control Workflow
- Editing, Denying, and Deleting Change Requests
- About the Changes Not Submitted Page
- Discarding Policy Changes
- Viewing Submitted and Unsubmitted Policy Changes
- play_arrow Change Management-Change Request History
- play_arrow Overview of Policy Enforcer and Juniper ATP Cloud
- play_arrow Concepts and Configuration Types to Understand Before You Begin (Policy Enforcer and Juniper ATP Cloud)
- Policy Enforcer Components and Dependencies
- Policy Enforcer Configuration Concepts
- Juniper ATP Cloud Configuration Type Overview
- Features By Juniper ATP Cloud Configuration Type
- Available UI Pages by Juniper ATP Cloud Configuration Type
- Comparing the Juniper Connected Security and non-Juniper Connected Security Configuration Steps
- play_arrow Configuring Policy Enforcer Settings and Connectors
- Policy Enforcer Settings
- Policy Enforcer Connector Overview
- Creating a Policy Enforcer Connector for Public and Private Clouds
- Creating a Policy Enforcer Connector for Third-Party Switches
- Editing and Deleting a Connector
- Viewing VPC or Projects Details
- Integrating ForeScout CounterACT with Juniper Networks Connected Security
- ClearPass Configuration for Third-Party Plug-in
- Cisco ISE Configuration for Third-Party Plug-in
- Integrating Pulse Policy Secure with Juniper Networks Connected Security
- Policy Enforcer Backup and Restore
- Configure Certificate-Based Authentication in Policy Enforcer
- play_arrow Guided Setup-ATP Cloud with SDSN
- play_arrow Guided Setup-ATP Cloud
- play_arrow Guided Setup for No ATP Cloud (No Selection)
- play_arrow Manual Configuration- ATP Cloud with SDSN
- play_arrow Manual Configuration-ATP Cloud
- play_arrow Cloud Feeds Only Threat Prevention
- play_arrow Configuring No ATP Cloud (No Selection) (without Guided Setup)
- play_arrow Migration Instructions for Spotlight Secure Customers
-
- play_arrow Reports
- play_arrow Administration
- play_arrow My Profile
- play_arrow Users and Roles-Users
- Overview of Users in Security Director
- Creating Users in Security Director
- Editing and Deleting Users in Security Director
- Viewing and Terminating Active User Sessions in Security Director
- Viewing the User Details in Security Director
- Clearing Local Passwords for Users in Security Director
- Disabling and Enabling Users in Security Director
- Unlocking Users in Security Director
- Users Main Page Fields
- play_arrow Users and Roles-Roles
- play_arrow Users and Roles-Domains
- Overview of Domains in Security Director
- Creating Domains in Security Director
- Edit and Delete Domains in Security Director
- Exporting Domains in Security Director
- Viewing Users, Devices, and Remote Profiles Assigned to a Domain in Security Director
- Assigning Devices to Domains in Security Director
- Assigning and Unassigning Remote Profiles to Domains in Security Director
- Assigning and Unassigning Users to Domains in Security Director
- Domains Main Page Fields
- play_arrow Users and Roles-Remote Profiles
- play_arrow Logging Management
- play_arrow Logging Management-Logging Nodes
- play_arrow Logging Management-Statistics & Troubleshooting
- play_arrow Logging Management-Logging Devices
- play_arrow Monitor Settings
- play_arrow Signature Database
- play_arrow License Management
- play_arrow Migrating Content from NSM to Security Director
- play_arrow Policy Sync Settings
- play_arrow Insights Management
- Add Insights Nodes
- About the Alerts Settings Page
- Create a New Alert Setting
- Configure System Settings
- About the Identity Settings Page
- Add JIMS Configuration
- Edit and Delete an Identity Setting
- Configure Mitigation Settings
- About the Threat Intelligence Page
- Configure Threat Intelligence Source
- Edit and Delete Threat Intelligence Source
- About the ServiceNow Configuration Page
- About the Backup & Restore Page
- Create a Backup File and Restore the Configuration
- Download and Delete a Backup File
-
list Table of Contents
Understanding Audit Logs in Security Director
date_range
08-Jul-23
The Audit Logs feature in Security Director enables you to track login history, device management tasks, services that were provisioned on devices, and other user-initiated tasks. Tasks that are not initiated by users, such as device-driven activities like resynchronization of network elements, are not recorded in audit logs.
Administrators can use audit logs to review events. For example, administrators can identify the user accounts associated with an event, determine the chronological sequence of events—that is, what happened before and during an event—, and so on.
Note:
Security Director also tracks all externally initiated non-READ REST APIs, and login and logout APIs.
Administrators can sort and filter audit logs. For example, administrators can use audit log filtering to track user accounts that were added on a specific date, track configuration changes across a particular type of device, view services that were provisioned on specific devices, monitor user login and logout activities over time, and so on.
Note:
To use the audit log service to monitor user requests and track changes initiated by users, you must be assigned the Audit Log Administrator role.
You can manage the volume of audit log data stored by purging log files from the Junos Space database without archiving them or by purging log files after archiving them. When you archive logs before purging them, the archived log files are saved in a single file in compressed comma-separated values (CSV) format (extension .csv.gz). Audit logs can be archived locally (on the active node in the Junos Space fabric) or to a remote server. When you archive data locally, the archived log files are saved in the /var/lib/mysql/archive directory on the active Junos Space node.
You can schedule the purging of audit logs (with or without prior archiving) for a later date and schedule the purging on a recurring basis.
You can export audit logs in CSV format without purging them from the system.
