Juniper Secure Analytics Log Manager Users Guide
Release 7.3.0
Modified: 2017-09-13
Copyright © 2017, Juniper Networks, Inc.

E-mail: Send your comments to techpubs-comments@juniper.net. Include the document or topic name, URL or page number, and software version (if applicable).



Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Copyright © 2017 Juniper Networks, Inc. All rights reserved.

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. and/or its affiliates in the United States and other countries. All other trademarks may be property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Juniper Secure Analytics Log Manager Users Guide 7.3.0
Copyright © 2017 Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement ("EULA") posted at http://www.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.


Table of Contents

About the Documentation ... xi
  Documentation and Release Notes ... xi
  Documentation Conventions ... xi
  Documentation Feedback ... xiii
  Requesting Technical Support ... xiv
  Self-Help Online Tools and Resources ... xiv
  Opening a Case with JTAC ... xiv

Part 1 Log Manager

Chapter 1 About Log Manager ... 3
  Log Manager Overview ... 3
  Navigate the Web-Based Application ... 3
  Supported Web Browsers ... 4
  Enabling Document Mode and Browser Mode in Internet Explorer ... 4
  Access Log Manager ... 4
  RESTful API ... 5
  User Interface Tabs ... 7
  Dashboard Tab ... 7
  Log Activity Tab ... 7
  Assets Tab ... 8
  Log Manager Vulnerability Manager Tab ... 8
  Admin Tab ... 9
  Log Manager Common Procedures ... 9
  Viewing Messages ... 10
  Sorting Results ... 12
  Refreshing and Pausing the User Interface ... 12
  Investigating IP addresses ... 13
  Investigate User Names ... 14
  System Time ... 14
  Updating User Preferences ... 14
  Resize Columns ... 15
  Configure Page Size ... 15

Chapter 2 Dashboard Management ... 17
  Dashboard Management Overview ... 17
  Log Activity ... 18
  Most Recent Reports ... 19
  System Summary ... 19
  Vulnerability Management Items ... 20


  System Notification ... 20
  Adding Dashboard Items ... 22
  Using the Dashboard to Investigate Log Activity ... 22
  Configuring Charts ... 23
  Removing Dashboard Items ... 25
  Detaching a Dashboard Item ... 25
  Renaming a Dashboard ... 26
  Deleting a Dashboard ... 26
  Managing System Notifications ... 27
  Adding Search-based Dashboard Items to the Add Items List ... 27

Chapter 3 Log Activity Investigation ... 29
  Log Activity Tab Overview ... 29
  Log Activity Tab Toolbar ... 29
  Searching Data by Using the Advanced Search Toolbar ... 32
  Quick Filter Syntax ... 33
  Right-Click Menu Options ... 34
  Status Bar ... 34
  Log Activity Monitoring ... 34
  Viewing Streaming Events ... 35
  Viewing Normalized Events ... 35
  Viewing Raw Events ... 37
  Viewing Grouped Events ... 39
  Event Details ... 42
  Event Details Toolbar ... 45
  Modifying Event Mapping ... 46
  Managing PCAP Data ... 47
  Displaying the PCAP Data Column ... 47
  Viewing PCAP Information ... 48
  Downloading the PCAP File to your Desktop System ... 49
  Exporting Events ... 50

Chapter 4 Chart Management ... 51
  Chart Configuration Overview ... 51
  Time Series Chart Overview ... 52
  Chart Legends ... 53
  Configuring Charts ... 54

Chapter 5 Data Searches ... 57
  Searching for Items that Match your Criteria ... 57
  Saving Search Criteria ... 62
  Scheduled Search ... 63
  Advanced Search Options ... 64
  Accessing Advanced Search ... 64
  AQL Search String Examples ... 65
  AQL Search String Examples ... 66
  Reporting Account Usage ... 66
  Insight Across Multiple Account Identifiers ... 66
  Identify Suspicious Long-term Beaconing ... 66
  External Threat Intelligence ... 67


  Asset Intelligence and Configuration ... 67
  Network LOOKUP Function ... 67
  Rule LOOKUP Function ... 68
  Full TEXT SEARCH ... 68
  Custom Property ... 68
  Quick Filter Search Options ... 68
  Using a Subsearch to Refine Search Results ... 70
  Deleting Search Criteria ... 71
  Using a Sub-search to Refine Search Results ... 72
  Managing Search Results ... 73
  Saving Search Results ... 73
  Viewing Managed Search Results ... 73
  Canceling a Search ... 75
  Deleting a Search ... 75
  Managing Search Groups ... 76
  Viewing Search Groups ... 76
  Creating a New Search Group ... 77
  Editing a Search Group ... 78
  Copying a Saved Search to another Group ... 78
  Removing a Group or a Saved Search from a Group ... 79

Chapter 6 Custom Event Properties ... 81
  Required Permissions ... 81
  Custom Property Types ... 82
  Creating a Regex-Based Custom Property ... 82
  Creating a Calculation-Based Custom Property ... 84
  Modifying a Custom Property ... 86
  Copying a Custom Property ... 87
  Deleting a Custom Property ... 88

Chapter 7 Rule Management ... 89
  Rule Permission Considerations ... 89
  Rules Overview ... 89
  Event Rule ... 90
  Rule Conditions ... 90
  Domain-specific rules ... 91
  Rule Responses ... 91
  Reference Data Collection Types ... 91
  Viewing Rules ... 92
  Creating a Custom Rule ... 93
  Rule Management Tasks ... 94
  Enabling and Disabling Rules ... 95
  Editing a Rule ... 95
  Copying a Rule ... 96
  Deleting a Rule ... 96
  Rule Group Management ... 97
  Viewing a Rule Group ... 97
  Creating a Group ... 97
  Assigning an Item to a Group ... 98
  Editing a Group ... 98


  Copying an Item to another Group ... 99
  Deleting an Item from a Group ... 100
  Deleting a Group ... 100
  Editing Building Blocks ... 100
  Rule Page Parameters ... 101
  Rules Page Toolbar ... 102
  Rule Response Page Parameters ... 103

Chapter 8 Asset Profiles ... 107
  Asset Profile Overview ... 107
  About Vulnerabilities ... 108
  Assets Tab Overview ... 108
  Using Assets Tab ... 108
  Asset Tab List ... 109
  Assets Tab Toolbar ... 110
  Right-click Menu Options ... 111
  Viewing an Asset Profile ... 112
  Adding or Editing an Asset Profile ... 114
  Searching Asset Profiles ... 117
  Saving Asset Search Criteria ... 119
  Asset Search Groups ... 120
  Viewing Search Groups ... 120
  Creating a New Search Group ... 121
  Editing a Search Group ... 122
  Copying a Saved Search to another Group ... 122
  Removing a Group or a Saved Search from a Group ... 123
  Asset Profile Management Tasks ... 123
  Deleting Assets ... 123
  Importing Asset Profiles ... 124
  Exporting Assets ... 125
  Research Asset Vulnerabilities ... 125
  Assets Profile Page Parameters ... 127
  Asset Summary Pane ... 128
  Network Interface Summary Pane ... 130
  Vulnerability Pane ... 130
  Services Pane ... 131
  Services Pane ... 132
  Windows Services Pane ... 133
  Packages Pane ... 133
  Windows Patches Pane ... 134
  Properties Pane ... 134
  Risk Policies Pane ... 134
  Products Pane ... 135

Chapter 9 Report Management ... 137
  Report Management Overview ... 137
  Time Zone Considerations ... 137
  Report Tab Permissions ... 138


  Report Tab Parameters ... 138
  Reports Tab Overview ... 138
  Time Zone Considerations ... 139
  Report Tab Permissions ... 139
  Report Tab Parameters ... 139
  Report Tab Sort Order ... 140
  Report Tab Toolbar ... 140
  Report Layout ... 141
  Chart Types ... 141
  Graph Types ... 142
  Creating Custom Reports ... 142
  Report Management Tasks ... 146
  Editing a Report ... 146
  Viewing Generated Reports ... 147
  Deleting Generated Content ... 147
  Manually Generating a Report ... 148
  Duplicating a Report ... 148
  Sharing a Report ... 149
  Branding Reports ... 149
  Report Groups ... 150
  Report Groups Overview ... 150
  Creating a Report Group ... 150
  Editing a Group ... 151
  Assign a Report to a Group ... 152
  Copying a Report to Another Group ... 152
  Removing a Report ... 152
  Sharing Report Groups ... 153

Glossary ... 155


List of Tables

About the Documentation ... xi
  Table 1: Notice Icons ... xii
  Table 2: Text and Syntax Conventions ... xii

Part 1 Log Manager

Chapter 1 About Log Manager ... 3
  Table 3: Supported Web Browsers for Log Manager Products ... 4
  Table 4: Default Login Information for Log Manager ... 5
  Table 5: REST API Interfaces ... 5
  Table 6: Administration Management Tools Available in Log Manager ... 9
  Table 7: Functions Available in the Messages Window ... 10
  Table 8: Options to Close System Notifications ... 11
  Table 9: Refresh, Pause and Play Options on the Tab ... 13
  Table 10: IP Addresses Information ... 13
  Table 11: Menu Options for User Name Investigation ... 14
  Table 12: Parameters to Update User Details ... 15

Chapter 2 Dashboard Management ... 17
  Table 13: Log Activity Items ... 18
  Table 14: Chart types in the Log Activity Tab ... 23
  Table 15: Configuring Charts Parameter Options ... 23

Chapter 3 Log Activity Investigation ... 29
  Table 16: Log Activity Toolbar Options ... 30
  Table 17: Right-click Menu Options ... 34
  Table 18: Log Activity tab - Default (Normalized) Parameters ... 36
  Table 19: Raw Event Parameters ... 37
  Table 20: Grouped Events Options ... 39
  Table 21: Grouped Event Parameters ... 40
  Table 22: Event Details ... 42
  Table 23: Event Details Toolbar ... 45

Chapter 4 Chart Management ... 51
  Table 24: Time Series Charts Functions ... 53
  Table 25: Configuring Values ... 54

Chapter 5 Data Searches ... 57
  Table 26: Search Options ... 58
  Table 27: Enter Values ... 62
  Table 28: Examples of AQL Search Strings ... 65
  Table 29: Quick Filter Syntax Guidelines ... 69


  • Table 30: Manage Search Results Page Parameters . . . . . . . . . . . . . . . . . . . . . . . 74

    Table 31: Manage Search Results Toolbar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

    Table 32: Search Group Window Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

    Table 33: Search Group Window Toolbar Functions . . . . . . . . . . . . . . . . . . . . . . . . 77

    Chapter 6 Custom Event Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

    Table 34: Custom Property Definition Window Parameters (regex) . . . . . . . . . . . 83

    Table 35: Custom Property Definition Window Parameters (Calculation) . . . . . . 84

    Table 36: Custom Properties Window Columns . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

    Table 37: Custom Property Toolbar Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

    Chapter 7 Rule Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

    Table 38: Rules Page Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

    Table 39: Rules Page Toolbar Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

    Table 40: Event, Flow, and Common Rule Response Page Parameters . . . . . . . 104

    Chapter 8 Asset Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

    Table 41: Asset Profile Page Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

    Table 42: Asset Profiles Page Toolbar Functions . . . . . . . . . . . . . . . . . . . . . . . . . . 111

    Table 43: Right-click Menu Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

    Table 44: Asset Profile Page Toolbar Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . 112

    Table 45: Names & Description Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . 115

Table 46: CVSS and Weight Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

    Table 47: Owner Pane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

    Table 48: Saving Asset Search Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119

    Table 49: Asset Search Groups Window Toolbar Functions . . . . . . . . . . . . . . . . . 121

    Table 50: Research Vulnerability Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

    Table 51: Asset Summary Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

    Table 52: Network Interface Summary Pane Parameters . . . . . . . . . . . . . . . . . . . 130

    Table 53: Vulnerability Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131

    Table 54: Services Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

    Table 55: Services Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132

    Table 56: Windows Services Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

    Table 57: Packages Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133

    Table 58: Windows Patches Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

    Table 59: Properties Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134

    Table 60: Risk Policies Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

    Table 61: Products Pane Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

    Chapter 9 Report Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

    Table 62: Report Tab Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

    Table 63: Report Toolbar Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

    Table 64: Report Wizard Schedule Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143

    Table 65: Report Parameter Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

    Table 66: Distribution Channels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

    Table 67: Sharing Options and Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154


    Log Manager Users Guide

About the Documentation

    • Documentation and Release Notes on page xi

    • Documentation Conventions on page xi

    • Documentation Feedback on page xiii

    • Requesting Technical Support on page xiv

    Documentation and Release Notes

To obtain the most current version of all Juniper Networks® technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/.

If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at http://www.juniper.net/books.

    Documentation Conventions

    Table 1 on page xii defines notice icons used in this guide.


Table 1: Notice Icons

Meaning (icon)          Description
Informational note      Indicates important features or instructions.
Caution                 Indicates a situation that might result in loss of data or hardware damage.
Warning                 Alerts you to the risk of personal injury or death.
Laser warning           Alerts you to the risk of personal injury from a laser.
Tip                     Indicates helpful information.
Best practice           Alerts you to a recommended use or implementation.

    Table 2 on page xii defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

Convention: Bold text like this
Description: Represents text that you type.
Example: To enter configuration mode, type the configure command:
    user@host> configure

Convention: Fixed-width text like this
Description: Represents output that appears on the terminal screen.
Example:
    user@host> show chassis alarms
    No alarms currently active

Convention: Italic text like this
Description:
  • Introduces or emphasizes important new terms.
  • Identifies guide names.
  • Identifies RFC and Internet draft titles.
Examples:
  • A policy term is a named structure that defines match conditions and actions.
  • Junos OS CLI User Guide
  • RFC 1997, BGP Communities Attribute

Convention: Italic text like this
Description: Represents variables (options for which you substitute a value) in commands or configuration statements.
Example: Configure the machine’s domain name:
    [edit]
    root@# set system domain-name domain-name

Convention: Text like this
Description: Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components.
Examples:
  • To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level.
  • The console port is labeled CONSOLE.

Convention: < > (angle brackets)
Description: Encloses optional keywords or variables.
Example: stub ;

Convention: | (pipe symbol)
Description: Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.
Examples:
    broadcast | multicast
    (string1 | string2 | string3)

Convention: # (pound sign)
Description: Indicates a comment specified on the same line as the configuration statement to which it applies.
Example:
    rsvp { # Required for dynamic MPLS only

Convention: [ ] (square brackets)
Description: Encloses a variable for which you can substitute one or more values.
Example:
    community name members [ community-ids ]

Convention: Indention and braces ( { } )
Description: Identifies a level in the configuration hierarchy.

Convention: ; (semicolon)
Description: Identifies a leaf statement at a configuration hierarchy level.

Example for the two conventions above:
    [edit]
    routing-options {
        static {
            route default {
                nexthop address;
                retain;
            }
        }
    }

GUI Conventions

Convention: Bold text like this
Description: Represents graphical user interface (GUI) items you click or select.
Examples:
  • In the Logical Interfaces box, select All Interfaces.
  • To cancel the configuration, click Cancel.

Convention: > (bold right angle bracket)
Description: Separates levels in a hierarchy of menu selections.
Example: In the configuration editor hierarchy, select Protocols>Ospf.

    Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods:

• Online feedback rating system—On any page of the Juniper Networks TechLibrary site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at http://www.juniper.net/techpubs/feedback/.

• E-mail—Send your comments to [email protected]. Include the document or topic name, URL or page number, and software version (if applicable).

    Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or Partner Support Service support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

• JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

• Product warranties—For product warranty information, visit http://www.juniper.net/support/warranty/.

• JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

    Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

    • Find CSC offerings: http://www.juniper.net/customers/support/

    • Find product documentation: http://www.juniper.net/techpubs/

    • Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/

    • Download the latest versions of software and review release notes:

    http://www.juniper.net/customers/csc/software/

    • Search technical bulletins for relevant hardware and software notifications:

    http://kb.juniper.net/InfoCenter/

    • Join and participate in the Juniper Networks Community Forum:

    http://www.juniper.net/company/communities/

    • Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

    • Use the Case Management tool in the CSC at http://www.juniper.net/cm/.

    • Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

• For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html.


PART 1

    Log Manager

    • About Log Manager on page 3

    • Dashboard Management on page 17

    • Log Activity Investigation on page 29

    • Chart Management on page 51

    • Data Searches on page 57

    • Custom Event Properties on page 81

    • Rule Management on page 89

    • Asset Profiles on page 107

    • Report Management on page 137


CHAPTER 1

    About Log Manager

This chapter describes Log Manager in the following sections:

    • Log Manager Overview on page 3

    • SupportedWeb Browsers on page 4

    • Access Log Manager on page 4

    • RESTful API on page 5

    • User Interface Tabs on page 7

    • Log Manager Common Procedures on page 9

Log Manager Overview

Log Manager is a network security management platform that provides situational awareness and compliance support through security event correlation, analysis, and reporting.

Navigate the Web-Based Application

When you use Log Manager, use the navigation options available in the Log Manager user interface instead of your web browser Back button.

Related Documentation

• Access Log Manager on page 4

• Viewing Messages on page 10

• Investigate User Names on page 14

Supported Web Browsers

For the features in Log Manager products to work properly, you must use a supported web browser.

When you access the Log Manager system, you are prompted for a user name and a password. The user name and password must be configured in advance by the administrator.

Table 3 on page 4 lists the supported versions of web browsers.

Table 3: Supported Web Browsers for Log Manager Products

Web browser                                                                 Supported version
Mozilla Firefox                                                             38.0 Extended Support Release
Microsoft Internet Explorer, with document mode and browser mode enabled    10.0, 11.0

    • Enabling Document Mode and Browser Mode in Internet Explorer on page 4

Enabling Document Mode and Browser Mode in Internet Explorer

If you use Microsoft Internet Explorer to access Log Manager products, you must enable browser mode and document mode.

To enable the browser mode and document mode:

1. In your Internet Explorer web browser, press F12 to open the Developer Tools window.

2. Click Browser Mode and select the version of your web browser.

3. Click Document Mode.

   • For Internet Explorer V9.0, select Internet Explorer 9.0 Standards.

   • For Internet Explorer V10.0, select Internet Explorer 10.0 Standards.

Related Documentation

• Log Manager Overview on page 3

• Viewing Messages on page 10

• Investigate User Names on page 14

Access Log Manager

Log Manager is a web-based application. Log Manager uses default login information for the URL, user name, and password.

Table 4 on page 5 describes the default login information that you use when you log in to your Log Manager console.

Table 4: Default Login Information for Log Manager

Login information    Default
URL                  https://<IP address>, where <IP address> is the IP address of the Log Manager console.
User name            admin
Password             The password that is assigned to Log Manager during the installation process.
License key          A default license key provides you access to the system for 5 weeks.

Related Documentation

• Log Manager Overview on page 3

• Viewing Messages on page 10

• Investigate User Names on page 14

RESTful API

Use the representational state transfer (REST) application programming interface (API) to make HTTPS queries and integrate Juniper Secure Analytics (JSA) with other solutions.

Access and user role permissions

You must have administrative user role permissions in JSA to access and use RESTful APIs. For more information about how to manage user role permissions, see the Juniper Secure Analytics Administration Guide.

Access to the REST API User Interfaces

Table 5 on page 5 provides descriptions and capabilities for the REST API interfaces.

Table 5: REST API Interfaces

REST API              Description
/api/ariel            Query databases, searches, search IDs, and search results.
/api/asset_model      Returns a list of all assets in the model. You can also list all available asset property types and saved searches, and update an asset.
/api/auth             Log out and invalidate the current session.
/api/help             Returns a list of API capabilities.
/api/siem             Returns a list of all offenses.
/api/referencedata    View and manage reference data collections.
/api/qvm              Retrieve assets, vulnerabilities, networks, open services, filters, or create or update remediation tickets. Review and manage JSA Vulnerability Manager data.
/api/scanner          View, create, or start a remote scan that is related to a scan profile.

The REST API technical documentation interface provides a framework that you can use to gather the required code that you need to implement JSA functions into other products.

1. Enter the following URL in your web browser to access the technical documentation interface: https://<IP address>/api_doc, where <IP address> is the IP address of the Log Manager console.

2. Click the header for the API that you want to access, for example, /ariel.

3. Click the subhead for the endpoint that you want to access, for example, /databases.

4. Click the Experimental or Provisional sub header.

   NOTE: The API endpoints are annotated as either experimental or stable.

   Experimental: Indicates that the API endpoint might not be fully tested and might change or be removed in the future without any notice.

   Stable: Indicates that the API endpoint is fully tested and supported.

5. Click Try it out to receive properly formatted HTTPS responses.

6. Review and gather the information that you need to implement in your third-party solution.
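The procedure above gathers the request formats from the api_doc interface; the following added example (not code from the Juniper guide) shows what a third-party integration then actually does with the /api/ariel interface listed in Table 5: submit an AQL query, poll the asynchronous search until it completes, and fetch the results. The endpoint paths under /api/ariel, the SEC token header, the Version header and the status names are assumptions taken from the QRadar-derived JSA API and are not documented on this page. The console IP address, the token and the replies are constructed placeholders; the HTTP transport is injectable so the workflow can be run offline, and the token is sent with the administrative permissions the page says the API requires, so it must be handled as a secret.

```python
"""Ariel search workflow against the JSA REST API (/api/ariel).

Added example, not code from the Juniper guide. Endpoint paths, the SEC and
Version headers, and the status names are assumptions based on the
QRadar-derived JSA API; console IP, token, and replies are constructed.
"""
import json
import time
import urllib.parse
import urllib.request

API_VERSION = "8.0"  # assumed value for the Version header


class JsaClient:
    """Minimal client for submitting an AQL search and collecting its results.

    `transport(method, url, headers)` returns the decoded JSON reply; it is
    injectable so the workflow can be exercised offline against canned data.
    """

    def __init__(self, console_ip, sec_token, transport=None):
        self.base = "https://%s/api" % console_ip
        # SEC carries the authorized-service token; keep it out of logs.
        self.headers = {"SEC": sec_token, "Version": API_VERSION,
                        "Accept": "application/json"}
        self.transport = transport or self._https

    @staticmethod
    def _https(method, url, headers):
        # Default transport: real HTTPS call with certificate verification on.
        req = urllib.request.Request(url, method=method, headers=headers)
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)

    def create_search(self, aql):
        """POST the AQL expression; the console answers with a search_id."""
        url = "%s/ariel/searches?query_expression=%s" % (
            self.base, urllib.parse.quote(aql, safe=""))
        return self.transport("POST", url, self.headers)["search_id"]

    def search_status(self, search_id):
        url = "%s/ariel/searches/%s" % (self.base, search_id)
        return self.transport("GET", url, self.headers)["status"]

    def results(self, search_id):
        url = "%s/ariel/searches/%s/results" % (self.base, search_id)
        return self.transport("GET", url, self.headers)

    def run_search(self, aql, poll_seconds=2.0, timeout_seconds=300.0,
                   sleep=time.sleep):
        """Submit, poll until COMPLETED, and return the list of events.

        Searches are asynchronous: a failed or cancelled search must be
        reported, and a search that never finishes must not hang the caller.
        """
        search_id = self.create_search(aql)
        deadline = time.monotonic() + timeout_seconds
        while True:
            status = self.search_status(search_id)
            if status == "COMPLETED":
                return self.results(search_id)["events"]
            if status in ("ERROR", "CANCELED"):
                raise RuntimeError("search %s ended with status %s"
                                   % (search_id, status))
            if time.monotonic() > deadline:
                raise TimeoutError("search %s did not complete in time"
                                   % search_id)
            sleep(poll_seconds)


def constructed_transport():
    """In-memory stand-in for a console (constructed replies, not JSA output).

    Status goes WAIT -> EXECUTE -> COMPLETED so the polling loop is exercised.
    """
    statuses = iter(["WAIT", "EXECUTE", "COMPLETED"])

    def transport(method, url, headers):
        if not headers.get("SEC") or not headers.get("Version"):
            raise PermissionError("missing SEC or Version header")
        if method == "POST" and "/ariel/searches?query_expression=" in url:
            return {"search_id": "constructed-search-id", "status": "WAIT"}
        if url.endswith("/results"):
            return {"events": [
                {"sourceip": "192.0.2.10", "username": "admin", "eventcount": 3},
                {"sourceip": "198.51.100.7", "username": "svc-backup", "eventcount": 1},
            ]}
        return {"status": next(statuses)}
    return transport


def demo():
    """Run the whole workflow offline and return the events."""
    client = JsaClient("192.0.2.1", "PLACEHOLDER-TOKEN",
                       transport=constructed_transport())
    aql = ("SELECT sourceip, username, COUNT(*) AS eventcount "
           "FROM events LAST 1 HOURS GROUP BY sourceip, username")
    return client.run_search(aql, sleep=lambda seconds: None)


if __name__ == "__main__":
    for event in demo():
        print(event)
```

Against a real console you would pass the console IP from Table 4 and an authorized-service token instead of the constructed transport; the polling loop, the terminal-status check and the timeout are the parts that integrations most often get wrong when they treat the search as synchronous.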

Related Documentation

• Access Log Manager on page 4

• Viewing Messages on page 10

• Investigate User Names on page 14

User Interface Tabs

Functionality is divided into tabs. The Dashboard tab is displayed when you log in. You can easily navigate the tabs to locate the data or functionality you require.

    • Dashboard Tab on page 7

    • Log Activity Tab on page 7

    • Assets Tab on page 8

    • Log Manager Vulnerability Manager Tab on page 8

    • Admin Tab on page 9

Dashboard Tab

The Dashboard tab is the default tab that is displayed when you log in to Log Manager. It provides a workspace environment that provides summary and detailed information on events occurring in your network.

The Dashboard tab supports multiple dashboards on which you can display your views of network security, activity, or data that Log Manager collects. Five default dashboards are available. Each dashboard contains items that provide summary and detailed information about offenses that occur on your network. You can also create a custom dashboard to allow you to focus on your security or network operations responsibilities. For more information about using the Dashboard tab, see “Dashboard Management Overview” on page 17.

Related Documentation

• Access Log Manager on page 4

• Viewing Messages on page 10

• Investigate User Names on page 14

Log Activity Tab

The Log Activity tab allows you to investigate event logs being sent to Log Manager in real time, perform powerful searches, and view log activity by using configurable time-series charts. It also allows you to perform in-depth investigations on event data.

For more information, see “Log Activity Investigation” on page 29.

Related Documentation

• Access Log Manager on page 4

• Viewing Messages on page 10

• Investigate User Names on page 14

Assets Tab

Log Manager automatically discovers assets, servers, and hosts operating on your network. The Assets tab is visible when Log Manager Vulnerability Manager is installed on your system.

For more information, see the Vulnerability Manager Users Guide.

Automatic discovery is based on passive flow data and vulnerability data, allowing Log Manager to build an asset profile.

Asset profiles provide information about each known asset in your network, including identity information, if available, and what services are running on each asset. This profile data is used for correlation purposes to help reduce false positives.

For example, an attack tries to use a specific service that is running on a specific asset. In this situation, Log Manager can determine whether the asset is vulnerable to this attack by correlating the attack to the asset profile. Using the Assets tab, you can view the learned assets or search for specific assets to view their profiles.

For more information, see “Assets Profile Page Parameters” on page 127.

Related Documentation

• Access Log Manager on page 4

• Viewing Messages on page 10

• Investigate User Names on page 14

Log Manager Vulnerability Manager Tab

Log Manager Vulnerability Manager is a Log Manager component that you can purchase separately. You use a license key to enable Log Manager Vulnerability Manager.

Log Manager Vulnerability Manager is a network-scanning platform that provides awareness of the vulnerabilities that exist within the applications, systems, or devices on your network. After scans identify vulnerabilities, you can search and review vulnerability data, remediate vulnerabilities, and rerun scans to evaluate the new level of risk.

When Log Manager Vulnerability Manager is enabled, you can perform vulnerability assessment tasks on the Vulnerabilities tab. From the Assets tab, you can run Log Manager Vulnerability Manager scans on selected assets.

For more information, see the Vulnerability Manager Users Guide.

Related Documentation

• Access Log Manager on page 4

• Viewing Messages on page 10

• Investigate User Names on page 14

Admin Tab

Administrators use the Admin tab to configure and manage the users, systems, networks, plug-ins, and components. Users with administration privileges can access the Admin tab.

Table 6 on page 9 describes the administration tools that administrators can access in the Admin tab.

Table 6: Administration Management Tools Available in Log Manager

Admin tool                                   Description
System Configuration                         Configure system and user management options.
Data Sources                                 Configure log sources, flow sources, and vulnerability options.
Remote Networks and Services Configuration   Configure remote networks and services groups.
Plug-ins                                     Access plug-in components. This option is only displayed if there are plug-ins that are installed on your console.
Deployment Editor                            Manage the individual components of your Log Manager deployment.

All configuration updates that you make in the Admin tab are saved to a staging area. When all changes are complete, you can deploy the configuration updates to the managed host in your deployment.

Related Documentation

• Access Log Manager on page 4

• Viewing Messages on page 10

• Investigate User Names on page 14

Log Manager Common Procedures

Various controls on the Log Manager user interface are common to most user interface tabs.

Information about these common procedures is described in the following sections:

• Viewing Messages on page 10

• Sorting Results on page 12

• Refreshing and Pausing the User Interface on page 12

• Investigating IP addresses on page 13

• Investigate User Names on page 14

• System Time on page 14

• Updating User Preferences on page 14

• Resize Columns on page 15

• Configure Page Size on page 15

Viewing Messages

The Messages menu, which is on the upper right corner of the user interface, provides access to a window in which you can read and manage your system notifications.

For system notifications to show on the Messages window, the administrator must create a rule that is based on each notification message type and select the Notify check box in the Custom Rules Wizard.

The Messages menu indicates how many unread system notifications you have in your system. This indicator increments the number until you close system notifications. For each system notification, the Messages window provides a summary and the date stamp for when the system notification was created. You can hover your mouse pointer over a notification to view more detail. Using the functions on the Messages window, you can manage the system notifications.

System notifications are also available on the Dashboard tab and on an optional pop-up window that can be displayed on the lower left corner of the user interface. Actions that you perform in the Messages window are propagated to the Dashboard tab and the pop-up window. For example, if you close a system notification from the Messages window, the system notification is removed from all system notification displays.

For more information about Dashboard system notifications, see “Managing System Notifications” on page 27.

Table 7 on page 10 describes the Messages window functions.

Table 7: Functions Available in the Messages Window

Function       Description
All            Click All to view all system notifications. This option is the default; therefore, you click All only if you selected another option and want to display all system notifications again.
Health         Click Health to view only system notifications that have a severity level of Health.
Errors         Click Errors to view only system notifications that have a severity level of Error.
Warnings       Click Warnings to view only the system notifications that have a severity level of Warning.
Information    Click Information to view only the system notifications that have a severity level of Information.
Dismiss All    Click Dismiss All to close all system notifications from your system. If you filtered the list of system notifications by using the Health, Errors, Warnings, or Information icons, the text on the Dismiss All icon changes to one of the following options: Dismiss All Errors, Dismiss All Health, Dismiss All Warnings, Dismiss All Info.
View All       Click View All to view the system notification events in the Log Activity tab. If you filtered the list of system notifications by using the Health, Errors, Warnings, or Information icons, the text on the View All icon changes to one of the following options: View All Errors, View All Health, View All Warnings, View All Info.
Dismiss        Click the Dismiss icon beside a system notification to close the system notification from your system.

To view the messages:

1. Log in to Log Manager.

2. On the upper right corner of the user interface, click Messages.

3. On the Messages window, view the system notification details.

4. Optional. To refine the list of system notifications, click one of the following options:

   • Errors

   • Warnings

   • Information

5. Optional. To close system notifications, choose one of the options from Table 8 on page 11.

Table 8: Options to Close System Notifications

Option         Description
Dismiss All    Click to close all system notifications.
Dismiss        Click the Dismiss icon next to the system notification that you want to close.

6. Optional. To view the system notification details, hover your mouse pointer over the system notification.

Sorting Results

You sort the results in tables by clicking a column heading. An arrow at the top of the column indicates the direction of the sort.

To sort the results:

1. Log in to Log Manager.

2. Click the column header once to sort the table in descending order; twice to sort the table in ascending order.

Refreshing and Pausing the User Interface

You can manually refresh, pause, and play the data that is displayed on tabs.

The Dashboard and Offenses tabs automatically refresh every 60 seconds.

The Log Activity tab automatically refreshes every 60 seconds if you are viewing the tab in Last Interval (auto refresh) mode.

The timer, which is on the upper right corner of the interface, indicates the amount of time until the tab is automatically refreshed.

When you view the Log Activity tab in Real Time (streaming) or Last Minute (auto refresh) mode, you can use the Pause icon to pause the current display.

You can also pause the current display in the Dashboard tab. Clicking anywhere inside a dashboard item automatically pauses the tab. The timer flashes red to indicate that the current display is paused.

To refresh and pause the user interface:

1. Log in to Log Manager.

2. Click the tab that you want to view.

3. Choose one of the options from Table 9 on page 13.

Table 9: Refresh, Pause and Play Options on the Tab

Option     Description
Refresh    Click Refresh, on the right corner of the tab, to refresh the tab.
Pause      Click to pause the display on the tab.
Play       Click to restart the timer after the timer is paused.

Investigating IP addresses

You can use several methods to investigate information about IP addresses on the Dashboard, Log Activity, and Network Activity tabs.

About this task

You can find more information about an IP address by any of the methods that are listed in Table 10 on page 13.

Table 10: IP Addresses Information

Option                              Description
Information > DNS Lookup            Searches for DNS entries that are based on the IP address.
Information > WHOIS Lookup          Searches for the registered owner of a remote IP address. The default WHOIS server is whois.arin.net.
Information > Port Scan             Performs a Network Mapper (NMAP) scan of the selected IP address. This option is only available if NMAP is installed on your system. For more information about installing NMAP, see your vendor documentation.
Information > Asset Profile         Displays asset profile information. This option is displayed if Juniper Secure Analytics (JSA) Vulnerability Manager is purchased and licensed. For more information, see the JSA Vulnerability Manager User Guide. This menu option is available if JSA acquired profile data actively through a scan.
Information > Search Events         Searches for events that are associated with this IP address.
Information > Switch Port Lookup
Information > Run QVM Scan          Select the Run QVM Scan option to run a JSA Vulnerability Manager scan on this IP address. This option is only displayed when JSA Vulnerability Manager has been purchased and licensed. For more information, see the JSA Vulnerability Manager User Guide.

    To investigate IP addresses:

    1. Log in to JSA.

    2. Click the tab that you want to view.

    3. Move your mouse pointer over an IP address to view the location of the IP address.

    4. Right-click the IP address or asset name and select one of the options from Table 10 on page 13.

    Investigating User Names

    You can right-click a user name to access more menu options. Use these options to view more information about the user name or IP address.

    You can investigate user names when Log Manager Vulnerability Manager is purchased and licensed. For more information, see the Vulnerability Manager Users Guide.

    Table 11 on page 14 describes the menu options for user name investigation.

    Table 11: Menu Options for User Name Investigation

    View Assets: Displays the current assets that are associated with the selected user name. For more information about viewing assets, see “Assets Profile Page Parameters” on page 127.

    View User History: Displays all assets that were associated with the selected user name over the previous 24 hours.

    View Events: Displays the events that are associated with the selected user name. For more information about the List of Events window, see “Log Activity Monitoring” on page 34.

    For more information about customizing the right-click menu, see the Juniper Secure Analytics Administration Guide.

    System Time

    The right corner of the Log Manager user interface displays the system time, which is the time on the console.

    The console time synchronizes the Log Manager systems within the Log Manager deployment. The console time is used to determine what time events were received from other devices, so that correlation is based on correctly synchronized time.

    In a distributed deployment, the console might be in a different time zone from your desktop computer.

    When you apply time-based filters and searches on the Log Activity and Network Activity tabs, you must use the console system time to specify a time range.
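    Because time-range filters must be given in console time, an analyst whose desktop sits in another time zone has to convert a local window before typing it in. The following is an added example, not code from the guide or from Log Manager, that performs that conversion with Python's zoneinfo module; the two zones (America/Los_Angeles for the desktop, Europe/Berlin for the console) are assumptions, and the dates are chosen to show that the gap between the two clocks changes during the weeks when the zones disagree about daylight saving.

```python
from datetime import datetime
from zoneinfo import ZoneInfo

# Assumed zones (the guide names none): the analyst's desktop is set to
# America/Los_Angeles and the Log Manager console runs in Europe/Berlin.
DESKTOP_TZ = ZoneInfo("America/Los_Angeles")
CONSOLE_TZ = ZoneInfo("Europe/Berlin")
FMT = "%Y-%m-%d %H:%M"  # wall-clock strings as an analyst would type them


def to_console_time(local_wall_clock, desktop_tz=DESKTOP_TZ, console_tz=CONSOLE_TZ):
    """Interpret a 'YYYY-MM-DD HH:MM' string as desktop wall-clock time and return
    the same instant as an aware datetime in the console's zone."""
    local = datetime.strptime(local_wall_clock, FMT).replace(tzinfo=desktop_tz)
    return local.astimezone(console_tz)


def console_time_range(start_local, end_local, desktop_tz=DESKTOP_TZ, console_tz=CONSOLE_TZ):
    """Convert a desktop-local window into the (start, end) strings to enter in a
    time-range filter, which the guide says must be given in console time."""
    start = to_console_time(start_local, desktop_tz, console_tz)
    end = to_console_time(end_local, desktop_tz, console_tz)
    if end <= start:
        raise ValueError("end of range must be after its start")
    return start.strftime(FMT), end.strftime(FMT)


def offset_hours(local_wall_clock, desktop_tz=DESKTOP_TZ, console_tz=CONSOLE_TZ):
    """Hours the console clock is ahead of the desktop clock at that instant. The
    gap is not constant: the two zones switch daylight saving on different dates,
    so during the weeks they disagree the difference shrinks by an hour."""
    local = datetime.strptime(local_wall_clock, FMT).replace(tzinfo=desktop_tz)
    delta = local.astimezone(console_tz).utcoffset() - local.utcoffset()
    return delta.total_seconds() / 3600


if __name__ == "__main__":
    # February: both zones on standard time, nine hours apart.
    print(console_time_range("2017-02-20 09:00", "2017-02-20 10:00"))
    # 20 March 2017: the US is already on daylight time, Europe is not; eight hours apart.
    print(console_time_range("2017-03-20 09:00", "2017-03-20 10:00"))
    # A desktop evening window falls on the next calendar day at the console.
    print(console_time_range("2017-02-20 18:00", "2017-02-20 23:00"))
```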

    Updating User Preferences

    You can update your user details through the main Log Manager user interface.

    To update user details:

    1. To access your user information, click Preferences.

    2. As required, update the parameters from Table 12 on page 15.

    Table 12: Parameters to Update User Details

    Username: Displays your user name. You cannot edit this field.

    Password: Type a new password. The password must be a minimum of six characters and a maximum of 255 characters. The following special characters are not accepted: apostrophe ('), dollar sign ($), and exclamation mark (!).

    Password (Confirm): Type the password again for confirmation.

    Email Address: Type your email address. The email address must be a valid email address with a minimum of 10 characters and a maximum of 255 characters.

    Locale: JSA is available in the following languages: English, Simplified Chinese, Traditional Chinese, Japanese, Korean, French, German, Italian, Spanish, Russian and Portuguese (Brazil). If a locale is not listed, the user interface is not translated into the associated language. However, other associated cultural conventions, such as character type, collation, format of date and time, and currency unit, are supported.

    Enable Popup Notifications: Select this check box if you want pop-up system notifications to be displayed on your user interface.

    Resize Columns

    You can resize the columns on several tabs in Log Manager.

    Place the pointer of your mouse over the line that separates the columns and drag the edge of the column to the new location. You can also resize columns by double-clicking the line that separates the columns to automatically resize the column to the width of the largest field.

    NOTE: Column resizing does not work in Microsoft Internet Explorer, Version 7.0 web browsers when tabs are displaying records in streaming mode.

    Configure Page Size

    Users with administrative privileges can configure the maximum number of results that display in the tables on various tabs in Log Manager.


    CHAPTER 2

    Dashboard Management

    This chapter describes dashboard management in the following sections:

    • Dashboard Management Overview on page 17

    • Log Activity on page 18

    • Most Recent Reports on page 19

    • System Summary on page 19

    • Vulnerability Management Items on page 20

    • System Notification on page 20

    • Adding Dashboard Items on page 22

    • Using the Dashboard to Investigate Log Activity on page 22

    • Configuring Charts on page 23

    • Removing Dashboard Items on page 25

    • Detaching a Dashboard Item on page 25

    • Renaming a Dashboard on page 26

    • Deleting a Dashboard on page 26

    • Managing System Notifications on page 27

    • Adding Search-based Dashboard Items to the Add Items List on page 27

    Dashboard Management Overview

    The Dashboard tab is the default view when you log in.

    It provides a work space environment that supports multiple dashboards on which you can display your views of network security, activity, or the data that is collected.

    Dashboards allow you to organize your dashboard items into functional views, which enable you to focus on specific areas of your network.

    Use the Dashboard tab to monitor your security event behavior.

    You can customize your dashboard. The content that is displayed on the Dashboard tab is user-specific. Changes that are made within a Log Manager session affect only your view.

    To customize your Dashboard tab, you can perform the following tasks:

    • Add and remove dashboard items from your dashboards.

    • Move and position items to meet your requirements. When you position items, each item is automatically resized in proportion to the dashboard.

    • Add custom dashboard items that are based on any data. For example, you can add a dashboard item that provides a time series graph or a bar chart that represents the top 10 network activity.

    To create custom items, you can create saved searches on the Log Activity tab and choose how you want the results represented in your dashboard. Each dashboard chart displays real-time, up-to-the-minute data. Time series graphs on the dashboard refresh every five minutes.

    Related Documentation

    • Vulnerability Management Items on page 20

    • System Notification on page 20

    • Adding Dashboard Items on page 22

    Log Activity

    The Log Activity dashboard items allow you to monitor and investigate events in real time.

    NOTE: Hidden or closed events are not included in the values that are displayed in the Dashboard tab.

    Table 13 on page 18 describes the log activity items.

    Table 13: Log Activity Items

    Event Searches: You can display a custom dashboard item that is based on saved search criteria from the Log Activity tab. Event search items are listed in the Add Item > Network Activity > Event Searches menu. The name of the event search item matches the name of the saved search criteria the item is based on. Log Manager includes default saved search criteria that is preconfigured to display event search items on your Dashboard tab menu. You can add more event search dashboard items to your Dashboard tab menu; for more information, see Adding Search-based Dashboard Items to the Add Items List. On a Log Activity dashboard item, search results display real-time, last-minute data on a chart. The supported chart types are time series, table, pie, and bar. The default chart type is bar. These charts are configurable. Time series charts are interactive: you can magnify and scan through a time line to investigate log activity.

    Events By Severity: The Events By Severity dashboard item displays the number of active events that are grouped by severity. This item allows you to see the number of events that are received at each assigned severity level. Severity indicates the amount of threat an offense source poses in relation to how prepared the destination is for the attack. The range of severity is 0 (low) to 10 (high). The supported chart types are Table, Pie, and Bar.

    Top Log Sources: The Top Log Sources dashboard item displays the top five log sources that sent events to Log Manager within the last five minutes. The number of events that are sent from each log source is indicated in the pie chart. This item allows you to view potential changes in behavior; for example, if a firewall log source that is typically not in the top 10 list now contributes a large percentage of the overall message count, you should investigate this occurrence. The supported chart types are Table, Pie, and Bar.
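    The Top Log Sources description above says to investigate when a source that is normally outside the top list suddenly carries a large share of the message count. The following is an added example, not part of the guide or of Log Manager, that reproduces that check over constructed event records: it counts events per log source in five-minute windows, lists the top five as the dashboard item does, and flags sources that were outside the previous window's top list and now exceed a share threshold. The source names, counts and the 25% threshold are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # the dashboard item looks at the last five minutes


def make_events(window_start, counts):
    """Constructed sample data: (received_at, log_source) pairs spread over one
    five-minute window. Stands in for events received by Log Manager."""
    events = []
    for source, n in counts.items():
        for i in range(n):
            events.append((window_start + timedelta(seconds=(i * 7) % 300), source))
    return events


NOW = datetime(2017, 9, 13, 12, 10)
# Constructed counts. In the earlier window the branch firewall sends nothing;
# in the current window it suddenly carries more than half of all messages.
BASELINE_COUNTS = {"core-switch-01": 40, "dc-firewall-01": 30, "ad-dc-01": 20,
                   "web-proxy-01": 10, "linux-bastion-01": 5}
CURRENT_COUNTS = {"core-switch-01": 38, "dc-firewall-01": 31, "ad-dc-01": 22,
                  "web-proxy-01": 9, "linux-bastion-01": 4, "branch-firewall-07": 120}
EVENTS = (make_events(NOW - 2 * WINDOW, BASELINE_COUNTS)
          + make_events(NOW - WINDOW, CURRENT_COUNTS))


def count_by_source(events, window_end, window=WINDOW):
    """Events per log source received in [window_end - window, window_end)."""
    window_start = window_end - window
    return Counter(src for ts, src in events if window_start <= ts < window_end)


def top_log_sources(events, window_end, top_n=5, window=WINDOW):
    """The Top Log Sources view: the top_n (source, count) pairs for the window."""
    return count_by_source(events, window_end, window).most_common(top_n)


def new_heavy_sources(events, now, top_n=10, min_share=0.25, window=WINDOW):
    """Flag sources that were outside the previous window's top_n list and now
    contribute at least min_share of the current window's message count.
    Returns (source, count, share) tuples, busiest first. With no events in the
    previous window there is no baseline, so nothing is flagged."""
    current = count_by_source(events, now, window)
    previous = count_by_source(events, now - window, window)
    if not previous:
        return []
    usual = {src for src, _ in previous.most_common(top_n)}
    total = sum(current.values())
    flagged = []
    for src, n in current.most_common():
        share = n / total if total else 0.0
        if src not in usual and share >= min_share:
            flagged.append((src, n, round(share, 2)))
    return flagged


if __name__ == "__main__":
    print("top five now:", top_log_sources(EVENTS, NOW))
    print("investigate:", new_heavy_sources(EVENTS, NOW))
```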

    Related Documentation

    • Vulnerability Management Items on page 20

    • System Notification on page 20

    • Adding Dashboard Items on page 22

    Most Recent Reports

    The Most Recent Reports dashboard item displays the most recently generated reports.

    The display provides the report title, the time and date the report was generated, and the format of the report.

    Related Documentation

    • Vulnerability Management Items on page 20

    • System Notification on page 20

    • Adding Dashboard Items on page 22

    System Summary

    The System Summary dashboard item provides a high-level summary of activity within the past 24 hours.

    Within the summary item, you can view the following information:

    • Current Flows Per Second—Displays the flow rate per second.

    • Flows (Past 24 Hours)—Displays the total number of active flows that are seen within the last 24 hours.

    • Current Events Per Second—Displays the event rate per second.

    • New Events (Past 24 Hours)—Displays the total number of new events that are received within the last 24 hours.

    • Updated Offenses (Past 24 Hours)—Displays the total number of offenses that have been either created or modified with new evidence within the last 24 hours.

    • Data Reduction Ratio—Displays the ratio of data reduced, based on the total events that are detected within the last 24 hours and the number of modified offenses within the last 24 hours.

    Related Documentation

    • Dashboard Management Overview on page 17

    • Log Activity on page 18

    • Most Recent Reports on page 19

    Vulnerability Management Items

    Vulnerability Management dashboard items are only displayed when Log Manager Vulnerability Manager is purchased and licensed.

    For more information, see the Vulnerability Manager Users Guide.

    You can display a custom dashboard item that is based on saved search criteria from the Vulnerabilities tab. Search items are listed in the Add Item > Vulnerability Management > Vulnerability Searches menu. The name of the search item matches the name of the saved search criteria the item is based on.

    Log Manager includes default saved search criteria that is pre-configured to display search items on your Dashboard tab menu. You can add more search dashboard items to your Dashboard tab menu.

    The supported chart types are table, pie, and bar. The default chart type is bar. These charts are configurable.

    Related Documentation

    • Log Activity on page 18

    • Most Recent Reports on page 19

    • System Summary on page 19

    System Notification

    The System Notification dashboard item displays event notifications that are received by your system.

    For notifications to show in the System Notification dashboard item, the Administrator must create a rule that is based on each notification message type and select the Notify check box in the Custom Rules Wizard.

    For more information about how to configure event notifications and create event rules, see the Log Manager Administration Guide.

    On the System Notifications dashboard item, you can view the following information:

    • Flag—Displays a symbol to indicate the severity level of the notification. Point to the symbol to view more detail about the severity level. The symbols are:

      • Health icon

      • Information icon (?)

      • Error icon (X)

      • Warning icon (!)

    • Created—Displays the amount of time elapsed since the notification was created.

    • Description—Displays information about the notification.

    • Dismiss icon (x)—Allows you to close a system notification.

    You can point your mouse over a notification to view more details:

    • Host IP—Displays the host IP address of the host that originated the notification.

    • Severity—Displays the severity level of the incident that created this notification.

    • Low Level Category—Displays the low-level category that is associated with the incident that generated this notification. For example: Service Disruption.

    • Payload—Displays the payload content that is associated with the incident that generated this notification.

    • Created—Displays the amount of time elapsed since the notification was created.

    • Description—Displays information about the notification.

    • Dismiss icon (x)—Allows you to close a system notification.

    When you add the System Notifications dashboard item, system notifications can also display as pop-up notifications in the Log Manager user interface. These pop-up notifications are displayed in the lower right corner of the user interface, regardless of the selected tab.

    Pop-up notifications are only available for users with administrative permissions and are enabled by default. To disable pop-up notifications, select User Preferences and clear the Enable Pop-up Notifications check box.

    In the System Notifications pop-up window, the number of notifications in the queue is highlighted. For example, if (1 - 12) is displayed in the header, the current notification is 1 of 12 notifications to be displayed.

    The System Notifications pop-up window provides the following options:

    • Next icon (>)—Displays the next notification message. For example, if the current notification message is 3 of 6, click the icon to view 4 of 6.

    • Close icon (X)—Closes this notification pop-up window.

    • (details)—Displays more information about this system notification.

    Related Documentation

    • Log Activity on page 18

    • Most Recent Reports on page 19

    • System Summary on page 19

    Adding Dashboard Items

    You can add multiple dashboard items to your Dashboard tab.

    To add dashboard items:

    1. Click the Dashboard tab.

    2. From the toolbar, click Add Item.

    3. Select the item you want to add. See “Adding Dashboard Items” on page 22.

    Related Documentation

    • System Summary on page 19

    • Vulnerability Management Items on page 20

    • System Notification on page 20

    Using the Dashboard to Investigate Log Activity

    Search-based dashboard items provide a link to the Log Activity tab, allowing you to further investigate log activity.

    To investigate flows from a Log Activity dashboard item:

    1. Click the View in Log Activity link. The Log Activity tab opens, displaying results and two charts that match the parameters of your dashboard item.

    The chart types that are displayed on the Log Activity tab depend on which chart is configured in the dashboard item.

    Table 14 on page 23 describes the chart types that are displayed on the Log Activity tab when you arrive from the dashboard.

    Table 14: Chart Types in the Log Activity Tab

    Bar, Pie, and Table: The Log Activity tab displays a bar chart, pie chart, and table of details.

    Time Series: The Log Activity tab displays charts according to the following criteria. If your time range is less than or equal to 1 hour, a time series chart, a bar chart, and a table of event details are displayed. If your time range is more than 1 hour, a time series chart is displayed and you are prompted to click Update Details. This action starts the search that populates the event details and generates the bar chart. When the search completes, the bar chart and table of event details are displayed.

    Related Documentation

    • Vulnerability Management Items on page 20

    • System Notification on page 20

    • Adding Dashboard Items on page 22

    Configuring Charts

    You can configure Log Activity, Network Activity, and Connections (if applicable) dashboard items to specify the chart type and how many data objects you want to view.

    Table 15 on page 23 describes the chart configuration parameter options.

    Table 15: Configuring Charts Parameter Options

    Value to Graph: From the list, select the object type that you want to graph on the chart. Options include all normalized and custom event or flow parameters included in your search parameters.

    Chart Type: From the list, select the chart type that you want to view. Options include Bar Chart (displays data in a bar chart; only available for grouped events), Pie Chart (displays data in a pie chart; only available for grouped events), Table (displays data in a table; only available for grouped events), and Time Series (displays an interactive line chart that represents the records that are matched by a specified time interval).

    Display Top: From the list, select the number of objects you want to view in the chart. Options include 5 and 10. The default is 10.

    Capture Time Series Data: Select this check box to enable time series capture. When you select this check box, the chart feature begins to accumulate data for time series charts. By default, this option is disabled.

    Time Range: From the list, select the time range that you want to view.

    Your custom chart configurations are retained, so that they are displayed as configured each time that you access the Dashboard tab.

    JSA Log Manager collects data so that when you perform a time series saved search, there is a cache of event or flow data available to display the data for the previous time period. Accumulated parameters are indicated by an asterisk (*) in the Value to Graph list. If you select a value to graph that is not accumulated (no asterisk), time series data is not available.

    To configure charts:

    1. Click the Dashboard tab.

    2. From the Show Dashboard list, select the dashboard that contains the item you want to customize.

    3. On the header of the dashboard item you want to configure, click the Settings icon.

    4. Configure the chart parameters that are described in Table 15 on page 23.

    Related Documentation

    • System Notification on page 20

    • Adding Dashboard Items on page 22

    • Using the Dashboard to Investigate Log Activity on page 22

    Removing Dashboard Items

    You can remove items from a dashboard and add the item again at any time.

    When you remove an item from the dashboard, the item is only removed from that dashboard; it is not deleted, and it remains available to add again.

    To remove dashboard items:

    1. Click the Dashboard tab.

    2. From the Show Dashboard list, select the dashboard from which you want to remove an item.

    3. On the dashboard item header, click the red [x] icon to remove the item from the dashboard.

    Related Documentation

    • Adding Dashboard Items on page 22

    • Using the Dashboard to Investigate Log Activity on page 22

    • Configuring Charts on page 23

    Detaching a Dashboard Item

    You can detach an item from your dashboard and display the item in a new window on your desktop system.

    When you detach a dashboard item, the original dashboard item remains on the Dashboard tab, while a detached window with a duplicate dashboard item remains open and refreshes at the scheduled intervals. If you close the Log Manager application, the detached window remains open for monitoring and continues to refresh until you manually close the window or shut down your computer system.

    To detach a dashboard item:

    1. Click the Dashboard tab.

    2. From the Show Dashboard list, select the dashboard from which you want to detach an item.

    3. On the dashboard item header, click the green icon to detach the dashboard item and open it in a separate window.

    Related Documentation

    • Adding Dashboard Items on page 22

    • Configuring Charts on page 23

    • Removing Dashboard Items on page 25

    Renaming a Dashboard

    You can rename a dashboard and update the description.

    To rename a dashboard:

    1. Click the Dashboard tab.

    2. From the Show Dashboard list, select the dashboard that you want to edit.

    3. On the toolbar, click the Rename Dashboard icon.

    4. In the Name field, type a new name for the dashboard. The maximum length is 65 characters.

    5. In the Description field, type a new description of the dashboard. The maximum length is 255 characters.

    6. Click OK.

    Related Documentation

    • Adding Dashboard Items on page 22

    • Configuring Charts on page 23

    • Detaching a Dashboard Item on page 25

    Deleting a Dashboard

    You can delete a dashboard.

    After you delete a dashboard, the Dashboard tab refreshes and the first dashboard that is listed in the Show Dashboard list is displayed. The dashboard that you deleted is no longer displayed in the Show Dashboard list.

    To delete a dashboard:

    1. Click the Dashboard tab.

    2. From the Show Dashboard list, select the dashboard that you want to delete.

    3. On t