NSM Plug-In Users Guide

Similar documents
NSM Plug-In Users Guide

NSM Plug-In Users Guide

Setting Up an STRM Update Server

STRM Log Manager Administration Guide

Partition Splitting. Release Juniper Secure Analytics. Juniper Networks, Inc.

SETTING UP A JSA SERVER

Managing User-Defined QID Map Entries

Customizing the Right-Click Menu

Upgrading STRM to

Deploying STRM in an IPV6 Environment

Installing JSA Using a Bootable USB Flash Drive

Deploying JSA in an IPV6 Environment

STRM Adaptive Log Exporter

Restore Data. Release Juniper Secure Analytics. Juniper Networks, Inc.

STRM Administration Guide

Forwarding Logs Using Tail2Syslog. Release Security Threat Response Manager. Juniper Networks, Inc.

Reference Data Collections

JSA Common Ports Lists

Troubleshooting Guide

Log Sources Users Guide

Adaptive Log Exporter Users Guide

Release Notes. Juniper Secure Analytics. Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA

Patch Release Notes. Release Juniper Secure Analytics. Juniper Networks, Inc.

Reconfigure Offboard Storage During a JSA Upgrade

CUSTOM EVENT PROPERTIES FOR IBM Z/OS

ScreenOS 5.4.0r4 FIPS Reference Note

WinCollect User Guide

Bluetooth Micro Dongle User s Guide. Rating: 5V DC 80mA Made in China

Release Notes Patch 1

Tetration Cluster Cloud Deployment Guide

Blackwire C610 Blackwire C620

High Availability Guide

Hardware Installation 1. Install two AA batteries in the mouse. Pairing Process in Vista and Windows XP SP2

UPGRADING STRM TO R1 PATCH

Cisco Unified Communications Manager Device Package 10.5(1)( ) Release Notes

STRM Getting Started Guide. Release Security Threat Response Manager. Juniper Networks, Inc.

Operation Manual for Cloud 3700F Version 0

Cisco Unified Communications Manager Device Package 8.6(2)( ) Release Notes

Cisco Meeting Management

LaserJet Pro M501 Getting Started Guide

Bluetooth Mini Keyboard. User s Manual. Version /05 ID NO: PAKL-231B

Addendum to Cisco Physical Security Operations Manager Documentation, Release 6.1

4MP WI-FI PAN TILT CAMERA QUICK START GUIDE ENGLISH

Cisco Unified IP Conference Phone 8831 and 8831NR Release Notes for Firmware Release 10.3(1)SR3

Quick Start Guide. Powerline Wireless Extender GPLWE150 PART NO. Q1337.

Cisco Meeting Management

LabelWriter. Print Server. User Guide

IDP NetScreen-Security Manager Migration Guide

Let s get started. Need more help getting started?

USB to Serial Converter User s Guide

PnP IP/Network Camera

ZigBee Server USER GUIDE

RocketRAID 272x/271x Host Adapter

HomePlug Ethernet Bridge

Lantronix Wi-Fi Module Configuration Guide

Web Device Manager Guide

WiFi-Repeater User Manual. Quick Installation Guide(Q.I.G.) REV.1.2

Upgrade Guide. ScreenOS 6.1.0, Rev. 03. Security Products. Juniper Networks, Inc.

BITMAIN. AntRouter R1 Manual

READ FIRST! Bluetooth USB Adapter 2.0 Manual. Included in This Package Bluetooth USB Adapter CD-ROM with Bluetooth software and manual

WHG405 V2.10. Secure WLAN Controller

Single Port Serial PC Card User Manual

4800B Series PC Card Wireless LAN Adapter Quick-Start Guide

User Guide of AU-4612

Cisco Meeting App. User Guide. Version December Cisco Systems, Inc.

DATALOCKER H100 ENCRYPTED HARD DRIVE. User Guide

TERMINAL USER MANUAL 13/12/2017

ActiveHome2 USB 2-Way Home Automation Interface. Model CM15A

2.1 Operating System : Microsoft Widows 98/ME/NT/2000/XP. 3.1 Unplug the Modular Plug from the telephone and plug it in one of the Dual Modular Jack.

LightAide. Setup Guide

APC-100. IEEE g Wireless USB Adapter. User s Guide v1.0

Charging Pad / Charging Stand

SV PRO Network Security Appliance Quick Start Guide

H560N. Quick Start Guide

Retractable Kaleidoscope TM Notebook mouse USER GUIDE

ThinkPad Bluetooth Laser Mouse User Manual

USER S MANUAL Multi-LinQ USB2.0

USER GUIDE. Element Wireless Smart Plug Model: E1C-NB6

EL-IP-OBF2-WH / EL-IP-OBV2-WH EL-IP-OBF4-WH / EL-IP-OBV4-WH. Quick Start Guide

RocketU 1144CM 4-Port USB 3.0 PCI-Express 2.0 x4 RAID HBA

USB Hub-Audio Series. January 1999 A

IP Camera KK002 Quick Start Guide

RocketRAID 2760A. 6Gb/s SAS/SATA Host Adapter. Quick Instal l ation Guide v1.1

WHG201 V1.00. Secure WLAN Controller

Cisco Meeting App. What's new in Cisco Meeting App Version December 17

HP LaserJet P3005 Series Printers. Getting Started Guide

RocketCache 32xx Series HBA

Device Registration Walkthrough

Cisco Videoscape Distribution Suite Transparent Caching Troubleshooting Guide

Labtec Wireless Optical Desktop. Getting Started Guide

Installation Guide. DVI Net ShareStation GDIP201 PART NO. M1048

EL-IP-IDF2-WH / EL-IP-IDV2-WH EL-IP-IDF4-WH / EL-IP-IDV4-WH. Quick Start Guide

Zodiac WX QUICK START GUIDE

AIRNET 54Mb b/g High Power USB Adapter. User s Manual

WebRamp M3 Quick Start. for Windows and Macintosh

USER MANUAL USB Bluetooth Adapter

Customizing SNMP Traps

Addonics Technologies. ExDrive. User Guide. Revision 2.7

WHG425 V3.20. Secure WLAN Controller

TABLE OF CONTENTS Folding the Jacket Case into a Stand... 2 FCC Information... 3 Location of Parts and Controls... 4 Charging the Keyboard...

Transcription:

Security Threat Response Manager NSM Plug-In Users Guide Release 2010.0 Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408-745-2000 www.juniper.net Published: 2010-11-16

Copyright Notice Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. FCC Statement The following information is for FCC compliance of Class A devices: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. The equipment generates, uses, and can radiate radio-frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case users will be required to correct the interference at their own expense. The following information is for FCC compliance of Class B devices: The equipment described in this manual generates and may radiate radio-frequency energy. If it is not installed in accordance with NetScreen s installation instructions, it may cause interference with radio and television reception. This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. Increase the separation between the equipment and receiver. Consult the dealer or an experienced radio/tv technician for help. Connect the equipment to an outlet on a circuit different from that to which the receiver is connected. Caution: Changes or modifications to this product could void the user's warranty and authority to operate this device. Disclaimer THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR JUNIPER NETWORKS REPRESENTATIVE FOR A COPY. NSM Plug-In Users Guide Release 2010.0 Copyright 2010, Juniper Networks, Inc. All rights reserved. Printed in USA. Revision History November 2010 R2 NSM Plug-In Users Guide The information in this document is current as of the date listed in the revision history. 2

CONTENTS ABOUT THIS GUIDE Conventions 1 Technical Documentation 1 Contacting Customer Support 2 1 INSTALLING THE NSM PLUG-IN 2 SETTING UP THE PLUG-IN Configuring the Server Settings 5 Setting User Permissions 6 Setting User Preferences 7 3 USING THE PLUG-IN Launching NSM 9 Launching NSM 9 Viewing Policy Details 10 Adding the Policy Column 10 Viewing Policy Details 11

ABOUT THIS GUIDE The provides you with information for installing and configuring the Juniper Networks NSM Plug-In. Conventions Table 1 lists conventions that are used throughout this guide. Table 1 Icons Icon Type Description Information note Information that describes important features or instructions. Caution Warning Information that alerts you to potential loss of data or potential damage to an application, system, device, or network. Information that alerts you to potential personal injury. Technical Documentation You can access technical documentation, technical notes, and release notes directly from the Juniper Customer Support web site at https://www.juniper.net/suport/. Once you access the Technical support web site, locate the product and software release for which you require documentation. Your comments are important to us. Please send your e-mail comments about this guide or any of the Juniper Networks documentation to: techpubs-comments@juniper.net. Include the following information with your comments: Document title Page number

2 ABOUT THIS GUIDE Contacting Customer Support To help you resolve any issues that you may encounter when installing or maintaining STRM, you can contact Customer Support as follows: Open a support case using the Case Management link at http://www.juniper.net/support. Call 1-888-314-JTAC (from the United States, Canada, or Mexico) or1-408-745-9500 (from elsewhere).

1 INSTALLING THE NSM PLUG-IN Juniper Networks Network and Security Manager (NSM) is a software application that centralizes control and management of your Juniper Networks devices. Juniper Networks NSM delivers integrated, policy-based security and network management for all devices. You can use the Juniper Networks NSM Plug-In to view policy details from the Juniper Networks NSM server for an event. Note: Installing the Juniper Networks NSM Plug-In results in the httpd and Tomcat processes automatically restarting. This causes a service disruption while the processes restart. Step 1 Step 2 Step 3 Step 4 To install the Juniper Networks NSM Plug-In: Copy the 2010.0 iso file to /tmp. Navigate to /tmp: cd/tmp Enter the following command: mount -o loop <ISO Filename> /media/cdrom Enter the following command: rpm -Uvh /media/cdrom/post/qradar/nsm_plugin-7.0.0-<build>.i386.rpm Where <build> is the related STRM build number. The package manager will automatically unpack and install the NSM Plug-In rpm. The NSM Plug-in installation is complete when interface displays: Starting Tomcat: [ok] Starting httpd: [ok] If you want to connect to a Juniper NSM 2010 device: a Copy the following file from your Juniper NSM server: /usr/netscreen/guisvr/lib/webproxy/conf/server.crt to the following location on your STRM system: /opt/qradar/conf/webplugins/117/nsmplugin.cert b Restart Tomcat:

4 INSTALLING THE NSM PLUG-IN Step 5 Step 6 Step 7 service tomcat restart Log in to STRM: https://<ip Address> Where <IP Address> is the IP address of the STRM system. The default values are: Username: admin Password: <root password> Where <root password> is the password assigned to STRM during the STRM installation process. Click the Admin tab. The Admin interface appears. In the navigation pane, click Plug-ins. The NSM Plug-in Settings icon appears. Note: If multiple users or remote users are viewing the Admin tab, you may need to refresh your browser for the NSM Plug-in Settings icon to appear. You are now ready to setup your plug-in. See Chapter 2 Setting Up the Plug-In.

2 SETTING UP THE PLUG-IN Before viewing Juniper Networks NSM policy information, you must setup the plug-in settings in the STRM interface. This chapter includes setup information including: Configuring the Server Settings Setting User Permissions Setting User Preferences Configuring the Server Settings Step 1 Step 2 Step 3 To configure the Juniper Networks NSM Plug-In settings: Note: You must have administrative privileges to configure the Juniper Networks NSM server settings. For more information regarding privileges, see the STRM Administration Guide. Click the Admin tab. The Admin interface appears. In the navigation menu, click Plug-ins. The Plug-ins panel appears. In the Plug-In Configuration section, click the NSM Plug-in Settings icon. The NSM Server Settings window appears. Step 4 Step 5 In the NSM Server URL, specify IP address or hostname of the Juniper Networks NSM server to which you want to connect. Click Save Changes.

6 SETTING UP THE PLUG-IN Setting User Permissions You must ensure each user that must access plug-in information has the appropriate user role permissions. Note: You must have administrative privileges to configure the Juniper Networks NSM server settings. For more information, see the STRM Administration Guide. Step 1 Step 2 Step 3 Step 4 To set the appropriate user permissions for the Juniper Networks NSM Plug-In: Click the Admin tab. In the navigation menu, click Plug-ins. The Plug-ins panel appears. Click the User Roles icon. The Manage User Roles window appears. Choose one of the following options: a If you want to create a new role, click Create Role. b If you want to edit an existing role to include the NSM Plug-in Settings permissions, click the edit icon of the desired role. The Manage Role Permissions window appears. Step 5 Select the desired permissions for the NSM Plug-in Settings:

Setting User Preferences 7 Step 6 Step 7 Step 8 Launch NSM Client - Select this check box if you want to allow users the ability to Launch the NSM Client from the main interface. By default, the check box is clear. View NSM Policy Details from Events interface - Select this check box if you want to allow users the ability to view policy details for the Juniper Networks NSM server from the Log Activity interface. By default, the check box is clear. Select the remaining permissions. For more information on role permissions, see the STRM Administration Guide. Note: Make sure you have Events permissions to access the policy details. Complete the wizard. From the Admin tab menu, click Deploy Changes. Setting User Preferences All users with the View NSM Policy Details from Events interface role permission must enter their user settings to authenticate their user account with the Juniper Networks NSM server. This ensure the appropriate users are able to view policy details for an event. Step 1 To configure user details: In the STRM interface, click NSM Preferences. The NSM User Settings window appears. Step 2 Note: If your administrator has not completed the configuration of the plug-in, a message appears. Contact your system administrator to complete the configuration before continuing. See Configuring the Server Settings. Enter values for the parameters: NSM Login - Specify your username, as defined in the Juniper Networks NSM server. NSM Password - Specify your password, as defined in the Juniper Networks NSM server.

8 SETTING UP THE PLUG-IN Step 3 NSM Domain - Specify your domain, as defined in the Juniper Networks NSM server. The default is global. Click Save Changes. Note: If your credentials are rejected by the Juniper Networks NSM server but you have verified your access information, your IP address may be blocked by the Juniper Networks NSM server as a result of too many failed login attempts. Contact your Juniper Networks NSM server administrator to unblock the following IP address: 127.0.0.1 using the Tools > Manage Blocked Hosts option in the Juniper Networks NSM client.

3 USING THE PLUG-IN Once you have the plug-in configured and setup, you can view policy event information. This chapter provides information on launching and viewing policy details including: Launching NSM Viewing Policy Details Launching NSM This section provides information about launching NSM. Launching NSM Step 1 Step 2 To launch NSM: In the STRM interface, click Launch NSM. Choose one of the following options: If you are using FireFox 3.5 and this is the first time you are launching NSM, go to Step 3. If you are using Microsoft Internet Explorer 6.0/7.0 and this is the first time you are launching NSM, go to Step 4 If you have previously launched NSM, go to Step 5. Step 3 To launch NSM for the first time using FireFox 3.5: a b c d e In the Opening window, select the Open with option. Click Browse. Select the downloaded NSM.exe plug-in file in the appropriate directory. Typically, this file is located in the c:\\program Files\NetScreen-Security Manager\ directory. Click Ok. Select the Do this automatically for files like this from now on check box. f Click Ok. The Juniper Networks - NSM Login appears. g Go to Step 5. Step 4 To launch NSM for the first time using Internet Explorer 7.0/8.0: a From your desktop, select Start > Control Panel.

10 USING THE PLUG-IN Step 5 Step 6 b c d e f g The Control Panel appears. Double-click the Folder Options icon. Click the File Types tab. Create a new association for the.nsm extension and change the extension to access the NSM.exe file. Typically, this file is located in the c:\\program Files\NetScreen-Security Manager\ directory. Click Ok. In the STRM interface, click Launch NSM. In the File Download window, clear the Always ask before opening this type of file check box. h Click Open. The Juniper Networks - NSM Client login appears. i Go to Step 5. Enter the necessary log in credentials for the Juniper Networks Client. Click Ok. The Juniper Networks client appears. For more information, see your Juniper documentation. Viewing Policy Details Adding the Policy Column Step 1 Step 2 Step 3 Once the Juniper Networks NSM Plug-In is installed and configured, you can view policy details using the Log Activity interface. However, before you can view policy details, you must add the Policy column to the Log Activity interface display. This section includes information about adding the Policy column and viewing policy details including: Adding the Policy Column Viewing Policy Details To add the NSM Policy column to the Log Activity interface display: Click the Log Activity tab. The Log Activity interface appears. Using the Search drop-down list box, select New Search. The new search window appears. Using the Available Columns list, select the NSM Policy (custom) item.

Viewing Policy Details 11 Step 4 Step 5 Select the arrow to move the item to the Column list. Note: For information regarding additional search parameters, see the STRM Users Guide. Click Filter. The Log Activity interface appears with the Policy (custom) column. Viewing Policy Details Step 1 Step 2 Step 3 Step 4 To view policy details: Click the Log Activity tab. The Log Activity interface appears. Navigate to the event on which you want to view policy details. For more information navigating the Log Activity interface, see the STRM Users Guide. In the Policy (custom) column of the event you selected in Step 2, use the right mouse button (right-click) to access additional menu options. From the menu, select More options > View NSM Policy Details. The NSM Policy details window appears. Note: The More options menu item is not available in the Streaming mode.

12 USING THE PLUG-IN Each Juniper Networks NSM policy includes groups of rule base(s) and rules. This window provides details of the selected NSM policy and the details of the associated rules for this policy. This window may require several minute to populate depending on the amount of data. For more information regarding the Juniper Networks NSM policy, see your Juniper Networks NSM documentation.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback