Course Details
Overview
This three-day course discusses the configuration of Juniper Networks JSA Series Secure Analytics (formerly known as Security Threat Response Manager [STRM]) in a typical network environment. Key topics include deploying an STRM device in the network, configuring flows, running reports, and troubleshooting. Through demonstrations and hands-on labs, students will gain experience in configuring, testing, and troubleshooting the STRM device. This course uses the STRMV virtual appliance for the hands-on component. This course is based on STRM software 2012.1R1.
Course Level:
Configuring Security Response Threat Manager is an introductory-level course.
Objectives
After successfully completing this course, you should be able to:
- Describe the STRM system and its basic functionality;
- Describe the hardware used with the STRM system;
- Identify the technology behind the STRM system;
- Identify the STRM system’s primary design divisions: display versus detection, and events versus traffic;
- Plan and prepare for a new installation;
- Access the administration console;
- Configure the network hierarchy;
- Configure the automatic update process;
- Access the Deployment Editor;
- Describe the STRM system’s internal processes;
- Describe event and flow source configuration;
- List key features of the STRM architecture;
- Describe the STRM system’s processing logic;
- Interpret the correlation of flow and event data;
- List the architectural component that provides each key function;
- Describe Events and explain where they come from;
- Access the Log Activity interface;
- Execute Event searches;
- Describe flows and their origin;
- Configure the Network Activity interface;
- Execute Flow searches;
- Specify the STRM system’s Asset Management and Vulnerability Assessment functionality;
- Access the Assets interface;
- View Asset Profile data;
- View Server Discovery;
- Access the Vulnerability Assessment Scan Manager to produce vulnerability assessments (VAs);
- Access vulnerability scanner configuration;
- View vulnerability profiles;
- Describe rules;
- Configure rules;
- Configure Building Blocks (BBs);
- Explain how rules and flows work together;
- Access the Offense Manager interface;
- Understand Offense types;
- Configure Offense actions;
- Navigate the Offense interface;
- Explain the Offense summary screen;
- Search Offenses;
- Use the STRM system’s Reporting functionality to produce graphs and reports;
- Navigate the Reporting interface;
- Configure Report Groups;
- Demonstrate Report Branding;
- View Report formats;
- Identify the basic information on maintaining and troubleshooting the STRM system;
- Navigate the STRM dashboard;
- List flow and event troubleshooting steps;
- Access the Event Mapping tool;
- Configure Event Collection for Junos devices;
- Configure Flow Collection for Junos devices; and
- Explain High Availability (HA) functionality on an STRM device.
Outline
Day 1
Chapter 1: Course Introduction
Chapter 2: Product Overview
- Overview of the STRM Series Device
- Hardware
- Collection
- Operational Flow
Chapter 3: Initial Configuration
- A New Installation
- Administration Console
- Platform Configuration
- Deployment Editor
- Lab 1: Initial Configuration
Chapter 4: Architecture
- Processing Log Activity
- Processing Network Activity
- STRM Deployment Options
Chapter 5: Log Activity
- Log Activity Overview
- Configuring Log Activity
- Lab 2: Log Activity
Day 2
Chapter 6: Network Activity
- Network Activity Overview
- Configuring Network Activity
- Lab 3: Network Activity
Chapter 7: Assets and Vulnerability Assessment
- Asset Interface
- Vulnerability Assessment
- Vulnerability Scanners
- Lab 4: Assets and Vulnerability Assessment
Chapter 8: Rules
- Rules
- Configure Rules and Building Blocks
- Lab 5: Rules
Chapter 9: Offense Manager
- Offense Manager
- Offense Manager Configuration
- Offense Investigation
- Lab 6: Configure the Offense Manager
Day 3
Chapter 10: Reporting
- Reporting Functionality
- Reporting Interface
- Lab 7: Reports
Chapter 11: Basic Tuning and Troubleshooting
- Basic Tuning
- Troubleshooting
Chapter 12: Configuring Junos Devices for Use with STRM
- Collecting Junos Events
- Collecting Junos Flows
- Lab 8: Configuring Junos Devices for STRM
Appendix A: High Availability
- High Availability
- Configuring High Availability
Target Audience
This course is intended for network engineers, support personnel, reseller support, and anyone responsible for implementing the STRM system.
Pre-Requisites
This course assumes that students have basic networking knowledge and experience in the following areas:
- Understanding of TCP/IP operation;
- Understanding of network security concepts; and
- Experience in network security administration.