NSM Plug-In Users Guide


Juniper Secure Analytics
Release 2014.3

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
408-745-2000
www.juniper.net

Published: 2014-10-15

Copyright Notice

Copyright 2014 Juniper Networks, Inc. All rights reserved.

Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

The following terms are trademarks or registered trademarks of other companies: Java™ and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

FCC Statement

The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense.

The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with Juniper Networks installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

- Reorient or relocate the receiving antenna.
- Increase the separation between the equipment and receiver.
- Consult the dealer or an experienced radio/TV technician for help.
- Connect the equipment to an outlet on a circuit different from that to which the receiver is connected.

Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device.

Disclaimer

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT, SUBJECT TO THE MODIFICATIONS SET FORTH BELOW ON THIS PAGE, ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY.

Release 2014.3
Copyright 2014, Juniper Networks, Inc. All rights reserved. Printed in USA.

Revision History

October 2014

The information in this document is current as of the date listed in the revision history.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at http://www.juniper.net/support/eula.html, as modified by the following text, which shall be treated under the EULA as an Entitlement Document taking precedence over any conflicting provisions of such EULA as regards such software: As regards software accompanying the STRM products (the "Program"), such software contains software licensed by Q1Labs and is further accompanied by third-party software that is described in the applicable documentation or materials provided by Juniper Networks.

CONTENTS

ABOUT THIS GUIDE
    Audience
    Documentation Conventions
    Technical Documentation
    Requesting Technical Support

1 INSTALLING THE NSM PLUG-IN
    NSM Plug-In Overview
    Installing the NSM Plug-In

2 SETTING UP THE PLUG-IN
    Configuring the Server Settings
    Setting User Permissions
    Setting NSM Preferences

3 USING THE PLUG-IN
    Starting NSM
    Viewing Policy Details
        Adding the Policy Column
        Viewing Policy Details

4 REMOVING THE NSM PLUG-IN

ABOUT THIS GUIDE

This guide provides you with information on installing and configuring the Juniper Networks Network and Security Manager (NSM) plug-in.

Audience

The guide is intended for system administrators responsible for installing, configuring, or using plug-in components on your Juniper Secure Analytics (JSA) console.

Documentation Conventions

Table 1 lists conventions that are used throughout this guide.

Table 1 Icons

Type               Description
Information note   Information that describes important features or instructions.
Caution            Information that alerts you to potential loss of data or potential damage to an application, system, device, or network.
Warning            Information that alerts you to potential personal injury.

Technical Documentation

You can access technical documentation, technical notes, and release notes directly from the Juniper Customer Support website at https://www.juniper.net/support/. Once you access the Juniper Customer Support website, locate the product and software release for which you require documentation.

Your comments are important to us. Please send your e-mail comments about this guide or any of the Juniper Networks documentation to: techpubs-comments@juniper.net. Include the following information with your comments:

- Document title
- Page number

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

- JTAC policies: For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
- Product warranties: For product warranty information, visit http://www.juniper.net/support/warranty/
- JTAC Hours of Operation: The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

- Find CSC offerings: http://www.juniper.net/customers/support/
- Find product documentation: http://www.juniper.net/techpubs/
- Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
- Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/
- Search technical bulletins for relevant hardware and software notifications: https://www.juniper.net/alerts/
- Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
- Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://tools.juniper.net/serialnumberentitlementsearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

- Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
- Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, visit us at http://www.juniper.net/support/requesting-support.html.

1 INSTALLING THE NSM PLUG-IN

You can use the Juniper Networks Network and Security Manager (NSM) plug-in to view policy details from the Juniper Networks NSM server for an event.

NSM Plug-In Overview

Juniper Networks Network and Security Manager (NSM) is a software application that centralizes control and management of your Juniper Networks devices. Juniper Networks NSM delivers integrated, policy-based security, and network management for all devices.

Ensure that the latest Juniper Secure Analytics (JSA) patch is installed on your JSA console.

When you install the Juniper Networks NSM plug-in, the httpd and Tomcat processes automatically restart and cause a service disruption.

Installing the NSM Plug-In

Use SSH to install the Juniper Networks NSM plug-in on your JSA console.

About this task

The target directory (/opt/qradar/conf/webplugins/117/) must exist on your JSA system. After you install the plug-in, the target directory is automatically created when you log in to the JSA user interface and click the NSM Plug-in Settings icon on the Admin tab.

If multiple users or remote users view the Admin tab, refresh your browser to display the NSM Plug-in Settings icon.

Procedure

Step 1 Download the JSA ISO from the following website: http://www.juniper.net/customers/support/

Step 2 Copy the ISO file to your JSA console.

Step 3 Using SSH, log in to JSA as the root user.

Step 4 Type the following command to mount the JSA ISO file:

    mount -o loop <path to the JSA ISO> /media/cdrom

Where <path to the JSA ISO> is the directory path to where the installation ISO is stored.

Step 5 Type the following command to install the NSM plug-in rpm:

    rpm -Uvh /media/cdrom/post/qradar/nsm_plugin-2014.3-931999.x86_64.rpm

Where <build> is the related JSA build number.

The package manager installs the NSM plug-in rpm.

Step 6 To create the target directory:

a Log in to the JSA user interface: https://<IP Address>
  Where <IP Address> is the IP address of the JSA system.
b Click the Admin tab.
c Click the NSM Plug-in Settings icon.

Step 7 Using SSH, log in to JSA as the root user.

Step 8 Choose one of the following options:

- To connect JSA to Juniper NSM server, you must copy a certificate to JSA, go to Step 9.
- To connect JSA to any other version of Juniper NSM, go to Step 11.

Step 9 Type the following command to copy the server certificate from your Juniper NSM server to the JSA console:

    scp root@<NSM IP address>:/usr/netscreen/guisvr/lib/webproxy/conf/server.crt /opt/qradar/conf/webplugins/117/nsmplugin.cert

Where <NSM IP address> is the IP address of the Juniper Networks NSM server.

The server.crt file is copied from the Juniper Networks NSM server and renamed to nsmplugin.cert on your JSA console.

Step 10 Type the following command to set the proper file permissions:

    chown nobody:nobody /opt/qradar/conf/webplugins/117/nsmplugin.cert

Step 11 Type the following command to restart Tomcat:

    service tomcat restart

What to do next

Setting Up the Plug-In
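A check you can run on the JSA console after Step 10, as an added example that is not part of the Juniper guide: it compares the SHA-256 fingerprint of the copied nsmplugin.cert with one read out of band on the NSM server, and checks the expiry date and the nobody:nobody ownership that the procedure sets. It assumes that the file is a PEM-encoded X.509 certificate and that openssl is installed; the function names and the 30-day expiry threshold are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the Juniper guide). Assumes openssl is installed and
# that nsmplugin.cert is a PEM-encoded X.509 certificate. Function names and
# the 30-day expiry threshold are illustrative choices.

# Print the SHA-256 fingerprint of a certificate file as bare uppercase hex.
# Prints nothing if the file cannot be parsed as a certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# Succeed only if file $1 has fingerprint $2 (colons, spaces and case ignored).
pin_matches() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    have=$(cert_fingerprint "$1")
    [ -n "$have" ] && [ "$have" = "$want" ]
}

# Succeed only if the certificate in $1 is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Print owner:group of a file as shown by ls.
file_owner() {
    ls -ld "$1" | awk '{ print $3 ":" $4 }'
}

# Run all checks. $1 = certificate on JSA, $2 = fingerprint read on the NSM server.
check_nsm_pin() {
    rc=0
    if ! pin_matches "$1" "$2"; then
        echo "FAIL: $1 is unreadable or does not match the expected fingerprint" >&2
        rc=1
    fi
    if ! cert_valid_for "$1" 2592000; then
        echo "WARN: $1 is expired or expires within 30 days" >&2
        rc=1
    fi
    if [ "$(file_owner "$1")" != "nobody:nobody" ]; then
        echo "FAIL: $1 is not owned by nobody:nobody" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh check_nsm_pin.sh /opt/qradar/conf/webplugins/117/nsmplugin.cert <fingerprint>
# Read <fingerprint> on the NSM server itself with:
#   openssl x509 -in /usr/netscreen/guisvr/lib/webproxy/conf/server.crt -noout -fingerprint -sha256
if [ "$#" -eq 2 ]; then
    check_nsm_pin "$1" "$2"
fi
```

Run the check again whenever the certificate on the NSM server is replaced, because the copy on JSA is not updated automatically by anything in this procedure.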

2 SETTING UP THE PLUG-IN

The Juniper Networks Network and Security Manager (NSM) plug-in allows Juniper Secure Analytics (JSA) to integrate with your Juniper Networks NSM appliance to view policy-based security and network management information from NSM appliances.

Before you can view policy information, you must configure JSA permissions and user roles.

Configuring the Server Settings

After you successfully install the Juniper Networks NSM plug-in, configure your JSA console with the IP address and port number of your Juniper Networks NSM appliance.

Procedure

Step 1 Click the Admin tab.

Step 2 In the navigation menu, click Plug-ins.

Step 3 In the Plug-In Configuration pane, click the NSM Plug-in Settings icon.

Step 4 In the NSM Server URL field, type the IP address or host name of the Juniper Networks NSM server to which you want to connect. For example, https://192.168.2.1:8443.

Step 5 Click Save Changes.

Setting User Permissions

Ensure that each JSA user who requires access to the Juniper NSM Plug-in has the appropriate user permissions.

You must have administrative privileges to configure user roles in JSA.

Procedure

Step 1 Click the Admin tab.

Step 2 On the navigation menu, click System Configuration.

Step 3 In the User Management pane, click the User Roles icon.

Step 4 Choose one of the following options:

a To create a new role, click Create Role.
b To edit an existing role to include NSM Plug-in Settings, select the role and click the Edit icon.

Step 5 Select the user permissions for the NSM Plug-in settings:

- Launch NSM Client - Select this check box to allow users to start the NSM Client from the main user interface.
- View NSM Policy Details from Events interface - Select this check box to allow users to view policy details for the Juniper Networks NSM server from the Log Activity tab.

Step 6 Select the remaining permissions. For more information on role permissions, see the Juniper Secure Analytics Administration Guide.

Step 7 Complete the steps of the wizard.

Step 8 On the Admin tab, click Deploy Changes.

Setting NSM Preferences

If you have the View NSM Policy Details from Events interface role permission, configure your NSM settings to authenticate your user account with the Juniper Networks NSM server.

Before you begin

Make sure that you have Events permissions to access the policy details.

About this task

If your administrator has not completed the configuration of the plug-in, an information message is displayed. Contact your system administrator to complete the configuration before you continue. For more information, see Configuring the Server Settings.

The Juniper Networks NSM server might reject your credentials as a result of too many failed login attempts. If this occurs, contact your Juniper Networks NSM server administrator to unblock the following IP address: 127.0.0.1 by using the Tools > Manage Blocked Hosts option in the Juniper Networks NSM client.

Procedure

Step 1 In the upper-right corner of the user interface, click NSM Preferences.

Step 2 Enter values for the following parameters:

- NSM Login: Type your user name, as defined on the Juniper Networks NSM server.
- NSM Password: Type your password, as defined on the Juniper Networks NSM server.
- NSM Domain: Type your domain, as defined on the Juniper Networks NSM server.

Step 3 Click Save Changes.

3 USING THE PLUG-IN

After you configure the Network and Security Manager (NSM) plug-in, you can view policy event information.

Starting NSM

You can start Network and Security Manager (NSM) from the Juniper Secure Analytics (JSA) user interface.

Procedure

Step 1 In the upper-right corner of the user interface, click Launch NSM.

Step 2 Choose one of the following options:

- If you use the Mozilla Firefox web browser and this is the first time that you start NSM, go to Step 3.
- If you use the Microsoft Internet Explorer 8.0 or 9.0 web browser, with Compatibility View enabled, and this is the first time that you start NSM, go to Step 4.
- If you previously launched NSM, go to Step 5.

Step 3 To start NSM for the first time in the Mozilla Firefox web browser:

a In the Opening window, select the Open with option.
b Click Browse.
c Select the NSM.exe file from the appropriate directory:
  - For previous NSM versions, the file path is C:\Program Files\NSM\NSM.exe.
d Click OK.
e Select the Do this automatically for files like this from now on check box.
f Click OK.
g Go to Step 5.

Step 4 To start NSM for the first time in Internet Explorer 8.0 or 9.0, with Compatibility View enabled:

a Create an association for the .nsm extension and change the extension to access the NSM.exe file. Select the NSM.exe file from the appropriate directory:
  - For NSM 2014.1, the file path is C:\Program Files\Network and Security Manager\NSM.exe.
  - For previous NSM versions, the file path is C:\Program Files\NSM\NSM.exe.
  For more information about how to create a file association, see your vendor documentation.
b Go to Step 5.

Step 5 Type the necessary login credentials for the Juniper Networks Client.

Step 6 Click OK.

Viewing Policy Details

Adding the Policy Column

After the Juniper Networks NSM plug-in is installed and configured, you can view policy details using the Log Activity tab. However, before you can view policy details, you must add the NSM Policy (custom) column to the Log Activity page display. Use the event search page to add the NSM Policy (custom) column to the Log Activity page.

About this task

This task includes only the search criteria for displaying the NSM Policy (custom) column. For information about search parameters, see the Juniper Secure Analytics Users Guide.

Procedure

Step 1 Click the Log Activity tab.

Step 2 From the Search list, select New Search.

Step 3 From the Available Columns list, select NSM Policy (custom).

Step 4 Select the arrow to move the item to the Column list.

Step 5 Click Filter.

Result

The Log Activity page displays the NSM Policy (custom) column.

Viewing Policy Details

You can view policy details from the Log Activity tab.

About this task

Each Juniper Networks NSM policy includes groups of rule bases and rules. This window provides details of the selected NSM policy and details of the associated rules for this policy. This window might require several minutes to populate depending on the amount of data. For more information about the Juniper Networks NSM policy, see your Juniper Networks NSM documentation.

Procedure

Step 1 Click the Log Activity tab.

Step 2 If events are displayed in Real Time (streaming) mode, click the Pause icon.

Step 3 Right-click the NSM Policy (custom) parameter for the event you want to investigate, and then select More options > View NSM Policy Details.

4 REMOVING THE NSM PLUG-IN

After you uninstall the Network and Security Manager (NSM) plug-in, such as when you upgrade to another Juniper product, you must manually remove the plug-in RPM to ensure that the Juniper NSM components are removed from the Juniper Secure Analytics (JSA) user interface.

Procedure

Step 1 Using SSH, log in to JSA as the root user.

Step 2 To identify the name of the plug-in RPM, type the following command:

    rpm -qa | grep plugin

Step 3 To remove the RPM file, type the following command:

    rpm -e nsm_plugin-<build_number>

Step 4 To restart the Tomcat service, type the following command:

    service tomcat restart
