Implementing Juniper Networks Secure Analytics (IJSA)

 

Résumé du cours

This course replaces the CSTRM (Configuring Security Threat Response Manager)

This three-day course discusses the configuration of Juniper Networks JSA Series Secure Analytics (formerly known as Security Threat Response Manager [STRM]) in a typical network environment. Key topics include deploying a JSA Series device in the network, configuring flows, running reports, and troubleshooting.

Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the JSA Series device. This course uses the Juniper Networks Secure Analytics (JSA) VM virtual appliance for the hands-on component. This course is based on JSA software 2014.2R4.

Moyens Pédagogiques :
  • Quiz pré-formation de vérification des connaissances (si applicable)
  • Réalisation de la formation par un formateur agréé par l’éditeur
  • Formation réalisable en présentiel ou en distanciel
  • Mise à disposition de labs distants/plateforme de lab pour chacun des participants (si applicable à la formation)
  • Distribution de supports de cours officiels en langue anglaise pour chacun des participants
    • Il est nécessaire d'avoir une connaissance de l'anglais technique écrit pour la compréhension des supports de cours
Moyens d'évaluation :
  • Quiz pré-formation de vérification des connaissances (si applicable)
  • Évaluations formatives pendant la formation, à travers les travaux pratiques réalisés sur les labs à l’issue de chaque module, QCM, mises en situation…
  • Complétion par chaque participant d’un questionnaire et/ou questionnaire de positionnement en amont et à l’issue de la formation pour validation de l’acquisition des compétences

Pré-requis

This course assumes that students have basic networking knowledge and experience in the following areas:

  • Understanding of TCP/IP operation;
  • Understanding of network security concepts; and
  • Experience in network security administration.

Objectifs

After successfully completing this course, you should be able to:

  • Describe the JSA system and its basic functionality.
  • Describe the hardware used with the JSA system.
  • Identify the technology behind the JSA system.
  • Identify the JSA system’s primary design divisions—display versus detection, and events versus traffic.
  • Plan and prepare for a new installation.
  • Access the administration console.
  • Configure the network hierarchy.
  • Configure the automatic update process.
  • Access the Deployment Editor.
  • Describe the JSA system’s internal processes.
  • Describe event and flow source configuration.
  • List key features of the JSA architecture.
  • Describe the JSA system’s processing logic.
  • Interpret the correlation of flow data and event data.
  • List the architectural component that provides each key function.
  • Describe Events and explain where they come from.
  • Access the Log Activity interface.
  • Execute Event searches.
  • Describe flows and their origin.
  • Configure the Network Activity interface.
  • Execute Flow searches.
  • Specify the JSA system’s Asset Management and Vulnerability Assessment functionality.
  • Access the Assets interface.
  • View Asset Profile data.
  • View Server Discovery.
  • Access the Vulnerability Assessment Scan Manager to produce vulnerability assessments (VAs).
  • Access vulnerability scanner configuration.
  • View vulnerability profiles.
  • Describe rules.
  • Configure rules.
  • Configure Building Blocks (BBs).
  • Explain how rules and flows work together.
  • Access the Offense Manager interface.
  • Understand Offense types.
  • Configure Offense actions.
  • Navigate the Offense interface.
  • Explain the Offense summary screen.
  • Search Offenses.
  • Use the JSA system’s Reporting functionality to produce graphs and reports.
  • Navigate the Reporting interface.
  • Configure Report Groups.
  • Demonstrate Report Branding.
  • View Report formats.
  • Identify the basic information on maintaining and troubleshooting the JSA system.
  • Navigate the JSA dashboard.
  • List flow and event troubleshooting steps.
  • Access the Event Mapping Tool.
  • Configure Event Collection for Junos devices.
  • Configure Flow Collection for Junos devices.
  • Explain high availability (HA) functionality on a JSA device.

Contenu

Day 1
Chapter 1: Course Introduction
Chapter 2: Product Overview
  • Overview of the JSA Series Device
  • Hardware
  • Collection
  • Operational Flow
Chapter 3: Initial Configuration
  • A New Installation
  • Administration Console
  • Platform Configuration
  • Deployment Editor
  • Lab 1: Initial Configuration
Chapter 4: Architecture
  • Processing Log Activity
  • Processing Network Activity
  • JSA Deployment Options
Chapter 5: Log Activity
  • Log Activity Overview
  • Configuring Log Activity
  • Lab 2: Log Activity
Day 2
Chapter 6: Network Activity
  • Network Activity Overview
  • Configuring Network Activity
  • Lab 3: Network Activity
Chapter 7: Assets and Vulnerability Assessment
  • Asset Interface
  • Vulnerability Assessment
  • Vulnerability Scanners
  • Lab 4: Assets and Vulnerability Assessment
Chapter 8: Rules
  • Rules
  • Configure Rules and Building Blocks
  • Lab 5: Rules
Chapter 9: Offense Manager
  • Offense Manager
  • Offense Manager Configuration
  • Offense Investigation
  • Lab 6: Configure the Offense Manager
Day 3
Chapter 10: JSA Reporting
  • Reporting Functionality
  • Reporting Interface
  • Lab 7: Reporting
Chapter 11: Basic Tuning and Troubleshooting
  • Basic Tuning
  • Troubleshooting
Chapter 12: Configuring Junos Devices for Use with JSA
  • Collecting Junos Events
  • Collecting Junos Flows
  • Lab 8: Configuring Junos Devices for JSA
Appendix A: High Availability
  • High Availability
  • Configuring High Availability

Prix & Delivery methods

Formation en ligne

Durée
3 jours

Prix
  • US $ 3 000,–
Dates et Inscription
Demande de date
Formation en salle équipée

Durée
3 jours

Prix
  • France : US $ 3 000,–
Dates et Inscription
Demande de date

Actuellement aucune session planifiée