Juniper JSA Series Virtual Appliance User guide

Type
User guide

Juniper JSA Series Virtual Appliance is a network-based security solution that provides comprehensive visibility and threat detection across your entire infrastructure. It uses machine learning and advanced analytics to detect and respond to threats in real time, including zero-day attacks and insider threats. The JSA Series Virtual Appliance also offers a variety of features to help you manage your security infrastructure, including:

QRadar Assistant App Guide
Published
2021-05-25
RELEASE
7.4.2
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc.
in the United States and other countries. All other trademarks, service marks, registered marks, or registered service
marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.
Copyright © 2021 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use
with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License
Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such
software, you agree to the terms and conditions of that EULA.
Table of Contents
About This Guide
Chapter 1: QRadar Assistant App
QRadar Assistant App
What's New in the QRadar Assistant App
Configuring the QRadar Assistant App
Managing Installed Extensions
Managing Multitenant Apps
Downloading Apps with the QRadar Assistant App
Phone Home
Configure URL Access on Firewalls
Running the Assistant app in Offline Mode
Known Issues
About This Guide
Use this guide to manage your app and content extension inventory, view app and content
extension recommendations, and get links to useful information.
QRadar Assistant App
Use the QRadar Assistant app to manage your app and content extension inventory, view app and
content extension recommendations, follow the QRadar Twitter feed, and get links to useful
information.
TIP: After upgrading the QRadar Assistant app, you may need to clear your browser cache to see
the new Assistant app icon and application content.
NOTE: Use Extensions Management rather than the QRadar Assistant app to manage extensions
that have dependencies.
The QRadar Assistant app consists of the following sections:
• Guide Center--The QRadar Assistant Guide Center is a central point that links to a wide collection of
QRadar information resources. From the Guide Center, you can view tuning and use case videos
that are recorded by QRadar experts, watch previously recorded open mic sessions, access a wide
variety of QRadar technical tips, view IBM Security Community information, and watch video
tutorials provided by IBM Learning Academy.
• Featured Applications--Featured applications are the most recently recommended applications that
are featured by QRadar.
• Support--View Juniper Customer Support.
• Support Forum--View the latest QRadar-related questions from QRadar developerWorks forums.
• Applications page--Search, sort, and filter available apps by various categories. You can see a quick
view of the app, then expand to see the full description and download the app. See which apps have
updates available.
When you select an app to download, it appears in the download drawer.
Open the drawer to see a list of apps that are queued for download or installation. You can place up
to five apps in the download queue at one time. To keep the download drawer open, click the pin
icon.
From Version 2.3.0, you can also view the list of currently installed QRadar extensions and contents.
• Watson Integration--On the Watson Integration page, you can learn how the QRadar Advisor with
Watson works with QRadar to investigate and respond to threats. You can review requirements for
your QRadar system to install and run the Advisor app. You can also download and install QRadar
Advisor with Watson directly from the Assistant app.
What's New in the QRadar Assistant App
IN THIS SECTION
Version 3.2.0
Version 3.1.1
Version 3.1.0
Version 3.0.2
Version 3.0.1
Version 3.0.0
Version 2.5.2
Version 2.5.1
Version 2.5.0
Version 2.4.0
Version 2.3.0
Version 2.2.1
Version 2.2.0
Version 2.1.0
Version 2.0.2
Version 2.0.1
Version 2.0.0
Version 1.1.5
Version 1.1.3
Version 1.1.0
Version 1.0.3
Version 1.0.2
Version 1.0.1
Learn about the new features in each QRadar Assistant app release.
Version 3.2.0
Enhanced compatibility check for extension installations with multiple QRadar version support.
Bug fix for displaying installed apps in Application Manager.
Improved performance for displaying installed extensions.
Added an option to enable administrators to install extensions with user's access token.
Version 3.1.1
Fixed an issue which prevented the Security Administrator from managing applications.
Fixed an issue for app logging.
Updated translations for user interface strings.
Version 3.1.0
Added a widget in Application Manager to display current app memory usage.
Added the ability to manage applications without Internet access.
Added an introduction tab for "QRadar Analyst Workflow."
Bug fix for connection error over intercepting proxy.
Version 3.0.2
Bug fix for displaying extensions in the Application Manager.
Version 3.0.1
Added a widget in the Instance wizard to display app memory usage in the multitenant environment.
Added the Start default instance checkbox in the multi-tenant environment.
Improved the user experience for configuring instances in the multi-tenant environment.
Bug fix for user permission settings.
Version 3.0.0
Added support for QRadar (7.4.0 Fix Pack 1 or later) multitenancy.
Added multiple language support.
Added new resource links.
Enhanced Watson Readiness Check.
Fixed SSL certificate issues.
Version 2.5.2
Added the Update Available ribbon.
Fixed SSL certificate issues.
Version 2.5.1
Reduced memory requirement from 800MB to 600MB.
Fixed an issue that caused incorrect QRadar version display.
Version 2.5.0
Renamed the tab name Tuning App to Use Case Manager.
Updated images, text and links in the Use Case Manager Tab.
Version 2.4.0
Added a link to the QRadar documentation on the https://support.juniper.net/support/downloads/.
Fixed an issue that caused installing extensions to fail.
Version 2.3.0
In the Guide Center, removed the Tuning Videos section and moved the contents to the Tech Tips
section.
In the Guide Center, added the IBM Learning Academy section that provides video tutorials.
Under the social networking section in the Guide Center, added the IBM Security Community
sub-section.
In the Applications, added a new section (Installed) that lists currently installed QRadar extensions
and contents.
Version 2.2.1
Added additional Watson Readiness checks.
Added an icon that links to the IBM Security Community.
Version 2.2.0
Applications screen filter persists between screens.
App is automatically available to all user roles when installed.
Upgrade All button now available to upgrade all apps.
Fixed an issue with the proxy when installing apps.
Performance improvements.
Accessibility enhancements.
Supportability for IE 11 Edge mode.
Multiple defect fixes.
Version 2.1.0
Improved Watson Readiness checks.
Version 2.0.2
Fixed an issue where proxy did not work with multiple user accounts.
Version 2.0.1
Simplified profile configuration for admin users.
Version 2.0.0
Complete redesign of the user interface.
Integration of Watson Readiness app.
Added QRadar learning resources to the Guide Center.
Added feature to enable download of five apps directly from within Assistant App.
Additional Log Source matching.
Version 1.1.5
Added Call Home feature.
Enhanced user interface.
Minor defect fixes.
Version 1.1.3
Added Call Home feature.
Enhanced user interface.
Minor defect fixes.
Version 1.1.0
Log source matching - extensions will be recommended based on discovered log sources.
Added a Tuning Video to QRadar Help Center to assist with steps on tuning your QRadar system.
Fixed a number of minor defects.
Version 1.0.3
Added Proxy related features.
Detect QRadar version and disable downloading of apps depending on installed version.
Fixed user interface issues.
Fixed an issue where no Internet access / no proxy setup would result in an installation failure.
Version 1.0.2
Enhanced usability.
Version 1.0.1
Minor styling changes.
RELATED DOCUMENTATION
Configuring the QRadar Assistant App
Managing Installed Extensions
Managing Multitenant Apps
Configuring the QRadar Assistant App
The QRadar Assistant app is included in QRadar installations of version 7.3.1 and later. You can
download the app from the IBM Security App Exchange for those versions. An Admin user must
configure certain options to enable the Assistant app in your QRadar environment.
1. Click the Assistant app icon.
TIP: In QRadar versions 7.3.0 and earlier, click QRadar Assistant.
2. If you are the Admin configuring the Assistant app for the first time, complete the following steps:
a. Enter a valid authorized service token into the banner on the Assistant app page and click Save.
NOTE: The security profile for the token must be Admin.
b. Click Settings, select the API Authentications tab, and enter your X-Force Exchange API Key and
API Password.
NOTE: Validation of the API key can take several seconds.
NOTE: After an Admin configures the authorized service token and API key and password,
other Admin users do not need to perform this configuration. Non-Admin users can use the
Assistant app, but are not authorized to download and install apps. To allow non-Admin users
to install apps, they must configure the Assistant app with an authorized service token that is
provided by an Admin.
3. To configure a proxy server for communication with X-Force Exchange, click Settings, select the
Proxy tab, and enter the following information for your proxy server:
• Protocol
• Address
• Port
• User name
• Password
4. Click Save, then close the Settings window.
5. If you want to use the QRadar Phone Home Service, click Agree.
For more information about the Phone Home Service, see "Phone Home".
RELATED DOCUMENTATION
Managing Installed Extensions
Managing Multitenant Apps
Downloading Apps with the QRadar Assistant App
Managing Installed Extensions
You can use the Installed section on the Applications page to view and manage currently installed
QRadar extensions and contents.
1. Click the Assistant app icon, and then click Applications.
TIP: In QRadar versions 7.3.0 and earlier, click QRadar Assistant.
2. In the Installed section, click View All to view applications by Installed Extensions, Installed Content,
and Custom Applications.
3. Hover your cursor over an application card, and then click Quick View to open the Details Summary
pane.
Field | Description
Manage | Indicates the current status of the extension or content.
Details | Indicates the brief description of the extension or content.
Delete | Click to remove the extension or content.
Stop | If available, click to deactivate the associated applications. NOTE: This option is only available to extensions and custom applications.
Start | If available, click to activate the associated applications. NOTE: This option is only available to extensions and custom applications.
4. Click the list view icon to view apps in a list. In Options, you can perform the following tasks.
a. For extensions, you can select to either delete, stop, or start the selected item.
b. For contents, you can select to delete the selected item.
RELATED DOCUMENTATION
Managing Multitenant Apps
Downloading Apps with the QRadar Assistant App
Phone Home
Managing Multitenant Apps
IN THIS SECTION
Multitenant Apps
Configuring QRadar for Creating Multiple Instances
Creating an Instance
Managing Instances
QRadar Assistant app 3.0.0 supports multitenant environments in QRadar 7.4.0 Fix Pack 1 or later.
With QRadar Assistant 3.0.0 or later, you can manage instances for these apps (such as QRadar User
Behavior Analytics, QRadar Pulse, QRadar Log Source Management App) in a multitenant environment.
You can create multiple instances and associate one instance with a security profile. By assigning a domain
to different security profiles, you can segregate the events and flows that come from different instances. For
example, you install a multitenant app "Hello App" in a multi-divisional organization and you want to
create some security profiles such as "Green Office" and "Blue Office" with different domains. After you
create the security profiles, you create multiple instances like "Hello App-Green Office" and
"Hello App-Blue Office" in a single shared deployment.
Use security profiles and user roles to manage privileges for large groups of users in your environment.
Security profiles and user roles ensure that users have access to only the information that they are
authorized to see.
Multitenant Apps
You can create multiple instances for a multitenant app to segregate different users. However, not every
QRadar app supports multitenancy or needs to have multiple instances. In most cases, you would
have only one instance (default instance) after the extension is installed. The default instance is globally
viewable for all users; you can assign the permissions in the user role settings in JSA 7.3.1 or later.
Configuring QRadar for Creating Multiple Instances
You must configure QRadar administrative settings to create multiple instances.
You can only create multiple instances with the QRadar Assistant 3.0.0 and QRadar 7.4.0 Fix Pack 1 and
later.
1. Create a security profile that will later be associated with the instance.
2. Create domains and associate them with the security profile specified in Step 1.
3. Create a user role that can access this app.
4. Create a user and associate it with the specific security profile and user role.
5. Deploy changes.
For example:
1. Create a security profile "Blue Office."
2. Create a user role named "DevOps."
3. Create a user named "blue-dev" to be associated with the security profile "Blue Office" and the user
role "DevOps."
4. Deploy changes.
5. Create a new instance for the user "blue-dev."
Creating an Instance
With Assistant 3.0.0 and later in a multi-tenant environment, Admin users can create an instance from a
multi-tenanted app.
You must complete the steps described in "Configuring QRadar for Creating Multiple Instances".
Only Admin users can create new instances.
Every extension instance must be associated with a security profile. If an instance requires an authorized
service token, the authorized service must be assigned the same security profile.
The option Create New Instance is not available in the following situations:
• The extension does not support multitenancy: The extension is not multitenancy aware and the
option Create New Instance is not available.
• The extension only allows one instance to be created: Apps like Pulse, Log Source Management App,
and Assistant that are for administrative purposes can only have one instance.
1. Click the Assistant app icon, and then click Applications.
2. Ensure you're in the List View in Application Manager.
3. In the Installed Extensions section, click the ellipsis icon in the Options column of the extension for
which you want to create an instance, and then click Create New Instance.
4. In the Create New Instance window, follow the onscreen instructions to specify the Security profile
and User role, and then click Confirm and Create. After the instance is created, you can expand the
table and see a new row for this instance.
NOTE: Regarding the Installed Extension table:
• The Total Memory column shows the overall storage space used for all instances on the
corresponding extension. You can expand each row of the extension table to see more
details.
• Each row of the instance table is a grouped result. If an installed extension has two or
more apps, it would still show only one row in the instance table but the memory
consumption is a summation of all apps.
5. Deploy changes in the QRadar administrator page if the user roles are newly added.
Managing Instances
You can restart, stop, or configure an extension instance.
Stopping an extension instance will force logging off all users of that instance.
1. Click the Assistant app icon, and then click Applications.
2. Select the extension name whose instance you want to manage, and click the ellipsis icon in the
Options column of the extension you want to manage.
Field | Description
Start All Instances | Start a stopped instance.
Stop All Instances | Stop an active instance.
Delete All Instances | Remove the instance.
Create New Instance | Create a new instance.
Check for Updates | Navigate to Full view for extension information.
Uninstall Extension | Navigate to Extension Management for PREVIEWING and Uninstall procedure. NOTE: You need to uninstall all non-admin instances before uninstalling the extension.
3. Click the ellipsis icon in the Options column of the instance you want to manage.
Field | Description
Start Instance | Start a stopped instance.
Stop Instance | Stop a running instance.
Delete Instance | Remove the instance.
Configure Instance | This option is only available to the instances that have exported the configuration endpoints. After clicking this option, a sliding panel would be displayed with the configuration page embedded in an iframe. Admin users can use the page to configure the instance associated with a specific security profile.
View as [Security Profile Name] | This option is only available for the instances that are associated with a non-admin security profile. Admin users can use this function to override the permission temporarily and to see all instances associated with the specified security profile. NOTE: You need to refresh the browser to see the additional instances granted by the override permission.
Hide | This option is only available after View as [Security Profile] is selected. Click Hide to toggle the overriding permission of the Admin user.
RELATED DOCUMENTATION
Downloading Apps with the QRadar Assistant App
Phone Home
Configure URL Access on Firewalls
Downloading Apps with the QRadar Assistant App
On the Applications page, you can download and install apps from the X-Force Exchange.
1. Use any of the following methods to find apps: