This three-day course discusses the configuration of Juniper Networks JSA Series Secure Analytics (formerly known as Security Threat Response Manager [STRM]) in a typical network environment. Key topics include deploying a JSA Series device in the network, configuring flows, running reports and troubleshooting.

Through demonstrations and hands-on labs, students will gain experience in configuring, testing and troubleshooting the JSA Series device. This course uses the Juniper Networks Secure Analytics (JSA) VM virtual appliance for the hands-on component and is based on JSA software 2014.2R4.

Audience: This course is intended for network engineers, support personnel, reseller support and anyone responsible for implementing the JSA system.
Course Duration: 3 days
Prerequisites:

This course assumes experience in network security administration and a basic knowledge of network security concepts and TCP/IP operation.

Course Objectives:

After successfully completing this course, students should be able to:

  • Explain the role of the Network Director
  • Describe the JSA system and its basic functionality
  • Describe the hardware used with the JSA system
  • Identify the technology behind the JSA system
  • Identify the JSA system’s primary design divisions: display versus detection, and events versus traffic
  • Plan and prepare for a new installation
  • Access the administration console
  • Configure the network hierarchy
  • Configure the automatic update process
  • Access the Deployment Editor
  • Describe the JSA system’s internal processes
  • Describe event and flow source configuration
  • List key features of the JSA architecture
  • Describe the JSA system’s processing logic
  • Interpret the correlation of flow and event data
  • List the architectural component that provides each key function
  • Describe Events and explain where they come from
  • Access the Log Activity interface
  • Execute Event searches
  • Describe flows and their origin
  • Configure the Network Activity interface
  • Execute Flow searches
  • Specify the JSA system’s Asset Management and Vulnerability Assessment functionality
  • Access the Assets interface
  • View Asset Profile data
  • View Server Discovery
  • Access the Vulnerability Assessment Scan Manager to produce vulnerability assessments (VAs)
  • Access vulnerability scanner configuration
  • View vulnerability profiles
  • Describe rules
  • Configure rules
  • Configure Building Blocks (BBs)
  • Explain how rules and flows work together
  • Access the Offense Manager interface
  • Understand Offense types
  • Configure Offense actions
  • Navigate the Offense interface
  • Explain the Offense summary screen
  • Search Offenses
  • Use the JSA system’s Reporting functionality to produce graphs and reports
  • Navigate the Reporting interface
  • Configure Report Groups
  • Demonstrate Report Branding
  • View Report formats
  • Identify the basic information on maintaining and troubleshooting the JSA system
  • Navigate the JSA dashboard
  • List flow and event troubleshooting steps
  • Access the Event Mapping Tool
  • Configure Event Collection for Junos devices
  • Configure Flow Collection for Junos devices
  • Explain High Availability (HA) functionality on a JSA device

Course Outline:
  • Course Introduction
  • Product Overview
    • Overview of the JSA Series Device
    • Hardware
    • Collection
    • Operational Flow
  • Initial Configuration
    • A New Installation
    • Administration Console
    • Platform Configuration
    • Deployment Editor
    • Lab One: Initial Configuration
  • Architecture
    • Processing Log Activity
    • Processing Network Activity
    • JSA Deployment Options
  • Log Activity
    • Log Activity Overview
    • Configuring Log Activity
    • Lab Two: Log Activity
  • Network Activity
    • Network Activity Overview
    • Configuring Network Activity
    • Lab Three: Network Activity
  • Assets and Vulnerability Assessment
    • Asset Interface
    • Vulnerability Assessment
    • Vulnerability Scanners
    • Lab Four: Assets and Vulnerability Assessment
  • Rules
    • Rules
    • Configure Rules and Building Blocks
    • Lab Five: Rules
  • Offense Manager
    • Offense Manager
    • Offense Manager Configuration
    • Offense Investigation
    • Lab Six: Configure the Offense Manager
  • JSA Reporting
    • Reporting Functionality
    • Reporting Interface
    • Lab Seven: Reporting
  • Basic Tuning and Troubleshooting
    • Basic Tuning
    • Troubleshooting
  • Configuring Junos Devices for Use with JSA
    • Collecting Junos Events
    • Collecting Junos Flows
    • Lab Eight: Configuring Junos Devices for JSA
  • Appendix A: High Availability
    • High Availability
    • Configuring High Availability