Implementing Juniper Networks Secure AnalyticsIJSAJPJuniper NetworksJP-IJSA2014.a<p>After successfully completing this course, you should be able to: </p>
<ul>
<li>Describe the JSA system and its basic functionality.</li><li>Describe the hardware used with the JSA system.</li><li>Identify the technology behind the JSA system.</li><li>Identify the JSA system’s primary design divisions—display versus detection, and events versus traffic.</li><li>Plan and prepare for a new installation.</li><li>Access the administration console.</li><li>Configure the network hierarchy.</li><li>Configure the automatic update process.</li><li>Access the Deployment Editor.</li><li>Describe the JSA system’s internal processes.</li><li>Describe event and flow source configuration.</li><li>List key features of the JSA architecture.</li><li>Describe the JSA system’s processing logic.</li><li>Interpret the correlation of flow data and event data.</li><li>List the architectural component that provides each key function.</li><li>Describe Events and explain where they come from.</li><li>Access the Log Activity interface.</li><li>Execute Event searches.</li><li>Describe flows and their origin.</li><li>Configure the Network Activity interface.</li><li>Execute Flow searches.</li><li>Specify the JSA system’s Asset Management and Vulnerability Assessment functionality.</li><li>Access the Assets interface.</li><li>View Asset Profile data.</li><li>View Server Discovery.</li><li>Access the Vulnerability Assessment Scan Manager to produce vulnerability assessments (VAs).</li><li>Access vulnerability scanner configuration.</li><li>View vulnerability profiles.</li><li>Describe rules.</li><li>Configure rules.</li><li>Configure Building Blocks (BBs).</li><li>Explain how rules and flows work together.</li><li>Access the Offense Manager interface.</li><li>Understand Offense types.</li><li>Configure Offense actions.</li><li>Navigate the Offense interface.</li><li>Explain the Offense summary screen.</li><li>Search Offenses.</li><li>Use the JSA system’s Reporting functionality to produce graphs and reports.</li><li>Navigate the Reporting interface.</li><li>Configure Report Groups.</li><li>Demonstrate Report Branding.</li><li>View Report formats.</li><li>Identify the basic information on maintaining and troubleshooting the JSA system.</li><li>Navigate the JSA dashboard.</li><li>List flow and event troubleshooting steps.</li><li>Access the Event Mapping Tool.</li><li>Configure Event Collection for Junos devices.</li><li>Configure Flow Collection for Junos devices.</li><li>Explain high availability (HA) functionality on a JSA device.</li></ul><p>This course assumes that students have basic networking knowledge and experience in the following areas:</p>
<ul>
<li>Understanding of TCP/IP operation;</li><li>Understanding of network security concepts; and</li><li>Experience in network security administration.</li></ul><p>This course replaces the CSTRM (Configuring Security Threat Response Manager)</p>
<p>This three-day course discusses the configuration of Juniper Networks JSA Series Secure Analytics (formerly known as Security Threat Response Manager [STRM]) in a typical network environment. Key topics include deploying a JSA Series device in the network, configuring flows, running reports, and troubleshooting.</p>
<p>Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the JSA Series device. This course uses the Juniper Networks Secure Analytics (JSA) VM virtual appliance for the hands-on component. This course is based on JSA software 2014.2R4.</p><h5>Day 1</h5>
<h5>Chapter 1: Course Introduction</h5>
<h5>Chapter 2: Product Overview</h5><ul>
<li>Overview of the JSA Series Device</li><li>Hardware</li><li>Collection</li><li>Operational Flow</li></ul><h5>Chapter 3: Initial Configuration</h5><ul>
<li>A New Installation</li><li>Administration Console</li><li>Platform Configuration</li><li>Deployment Editor</li><li>Lab 1: Initial Configuration</li></ul><h5>Chapter 4: Architecture</h5><ul>
<li>Processing Log Activity</li><li>Processing Network Activity</li><li>JSA Deployment Options</li></ul><h5>Chapter 5: Log Activity</h5><ul>
<li>Log Activity Overview</li><li>Configuring Log Activity</li><li>Lab 2: Log Activity</li></ul><h5>Day 2</h5><h5>Chapter 6: Network Activity</h5><ul>
<li>Network Activity Overview</li><li>Configuring Network Activity</li><li>Lab 3: Network Activity</li></ul>
<h5>Chapter 7: Assets and Vulnerability Assessment</h5><ul>
<li>Asset Interface</li><li>Vulnerability Assessment</li><li>Vulnerability Scanners</li><li>Lab 4: Assets and Vulnerability Assessment</li></ul><h5>Chapter 8: Rules</h5><ul>
<li>Rules</li><li>Configure Rules and Building Blocks</li><li>Lab 5: Rules</li></ul><h5>Chapter 9: Offense Manager</h5><ul>
<li></li><li>Offense Manager</li><li>Offense Manager Configuration</li><li>Offense Investigation</li><li>Lab 6: Configure the Offense Manager</li></ul><h5>Day 3</h5><h5>Chapter 10: JSA Reporting</h5><ul>
<li>Reporting Functionality</li><li>Reporting Interface</li><li>Lab 7: Reporting</li></ul><h5>Chapter 11: Basic Tuning and Troubleshooting</h5><ul>
<li>Basic Tuning</li><li>Troubleshooting</li></ul><h5>Chapter 12: Configuring Junos Devices for Use with JSA</h5><ul>
<li>Collecting Junos Events</li><li>Collecting Junos Flows</li><li>Lab 8: Configuring Junos Devices for JSA</li></ul><h5>Appendix A: High Availability</h5><ul>
<li>High Availability</li><li>Configuring High Availability</li></ul>After successfully completing this course, you should be able to:
- Describe the JSA system and its basic functionality.
- Describe the hardware used with the JSA system.
- Identify the technology behind the JSA system.
- Identify the JSA system’s primary design divisions—display versus detection, and events versus traffic.
- Plan and prepare for a new installation.
- Access the administration console.
- Configure the network hierarchy.
- Configure the automatic update process.
- Access the Deployment Editor.
- Describe the JSA system’s internal processes.
- Describe event and flow source configuration.
- List key features of the JSA architecture.
- Describe the JSA system’s processing logic.
- Interpret the correlation of flow data and event data.
- List the architectural component that provides each key function.
- Describe Events and explain where they come from.
- Access the Log Activity interface.
- Execute Event searches.
- Describe flows and their origin.
- Configure the Network Activity interface.
- Execute Flow searches.
- Specify the JSA system’s Asset Management and Vulnerability Assessment functionality.
- Access the Assets interface.
- View Asset Profile data.
- View Server Discovery.
- Access the Vulnerability Assessment Scan Manager to produce vulnerability assessments (VAs).
- Access vulnerability scanner configuration.
- View vulnerability profiles.
- Describe rules.
- Configure rules.
- Configure Building Blocks (BBs).
- Explain how rules and flows work together.
- Access the Offense Manager interface.
- Understand Offense types.
- Configure Offense actions.
- Navigate the Offense interface.
- Explain the Offense summary screen.
- Search Offenses.
- Use the JSA system’s Reporting functionality to produce graphs and reports.
- Navigate the Reporting interface.
- Configure Report Groups.
- Demonstrate Report Branding.
- View Report formats.
- Identify the basic information on maintaining and troubleshooting the JSA system.
- Navigate the JSA dashboard.
- List flow and event troubleshooting steps.
- Access the Event Mapping Tool.
- Configure Event Collection for Junos devices.
- Configure Flow Collection for Junos devices.
- Explain high availability (HA) functionality on a JSA device.This course assumes that students have basic networking knowledge and experience in the following areas:
- Understanding of TCP/IP operation;
- Understanding of network security concepts; and
- Experience in network security administration.This course replaces the CSTRM (Configuring Security Threat Response Manager)
This three-day course discusses the configuration of Juniper Networks JSA Series Secure Analytics (formerly known as Security Threat Response Manager [STRM]) in a typical network environment. Key topics include deploying a JSA Series device in the network, configuring flows, running reports, and troubleshooting.
Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the JSA Series device. This course uses the Juniper Networks Secure Analytics (JSA) VM virtual appliance for the hands-on component. This course is based on JSA software 2014.2R4.Day 1
Chapter 1: Course Introduction
Chapter 2: Product Overview
- Overview of the JSA Series Device
- Hardware
- Collection
- Operational Flow
Chapter 3: Initial Configuration
- A New Installation
- Administration Console
- Platform Configuration
- Deployment Editor
- Lab 1: Initial Configuration
Chapter 4: Architecture
- Processing Log Activity
- Processing Network Activity
- JSA Deployment Options
Chapter 5: Log Activity
- Log Activity Overview
- Configuring Log Activity
- Lab 2: Log Activity
Day 2
Chapter 6: Network Activity
- Network Activity Overview
- Configuring Network Activity
- Lab 3: Network Activity
Chapter 7: Assets and Vulnerability Assessment
- Asset Interface
- Vulnerability Assessment
- Vulnerability Scanners
- Lab 4: Assets and Vulnerability Assessment
Chapter 8: Rules
- Rules
- Configure Rules and Building Blocks
- Lab 5: Rules
Chapter 9: Offense Manager
-
- Offense Manager
- Offense Manager Configuration
- Offense Investigation
- Lab 6: Configure the Offense Manager
Day 3
Chapter 10: JSA Reporting
- Reporting Functionality
- Reporting Interface
- Lab 7: Reporting
Chapter 11: Basic Tuning and Troubleshooting
- Basic Tuning
- Troubleshooting
Chapter 12: Configuring Junos Devices for Use with JSA
- Collecting Junos Events
- Collecting Junos Flows
- Lab 8: Configuring Junos Devices for JSA
Appendix A: High Availability
- High Availability
- Configuring High Availability3 days1400.002250.002400.007810.002500.002500.002500.002700.002250.002250.003000.002395.002250.00