Juniper NetScreen
Version: Juniper Networks NetScreen Series.
The Juniper Networks NetScreen Series Security Systems are ideally suited for large enterprise network backbones, including Departmental or campus segmentation, Enterprise data centres for securing high-density server environments and Carrier-based managed services or core infrastructure.
Netsurion Open XDR supports Juniper NetScreen firewall and syslog. Its reports help you to monitor allowed and denied traffic, user management and its activity (like authentication). As Juniper NetScreen firewall contain web filtering, you can download reports for URL filtration. You can get reports for configuration changes (like changes in web filtering and firewall policy) and Intrusion detection also. It also generates alerts when user fails to authenticate with a firewall, some changes happen in configuration of firewall and also for intrusion detection also which helps to you troubleshoot problems related with firewall and also prevent your network from intrusions. Once events are received by Netsurion Open XDR categories, alerts and reports can be configured.
Netsurion Data Source Integration for NetScreen allows you to monitor following:-
- Operations – Syslog messages for different services, account operations (addition, deletion and modification of user and group) and shutdown/restarting of system.
- Security – Suspicious network activities, if there is any changes in privileges on user logon/authentication activities (logon, logoff).
- Compliance – Changes in policy configuration (addition and deletion)
Once Juniper Networks NetScreen Series is configured to deliver events to Netsurion Open XDR; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | NetScreen – Authentication failure | This alert is generated when system or user related authentication fails. |
| Security | NetScreen – System configuration erased | This alert is generated when system configuration gets erased. |
| Operations | NetScreen – IDS intrusion detection | This alert is generated when attacks detected through NetScreen. |
| Operations | NetScreen – Security device error | This alert is generated when response to problems or processes that occur at the hardware or Screen OS level. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | NetScreen – Account Management Report | This report provides information related with creation, deletion and modification of user, group and account of NetScreen and by whom it is done. |
| Security | NetScreen – System Authentication Report | This report provides information related with mac address of systems authenticated with NetScreen firewall. |
| Security | NetScreen – URL Allowed or Blocked Report | This report provides information related with URL blocked and allowed in NetScreen with source IP. |
| Security | NetScreen – Firewall Policy Change Report | This report provides information related with changes in firewall policy component and by whom it is done. |
| Security | NetScreen – USB Storage Device Attached and Detached Report | This report provides information related with attached and detached of USB devices. |
| Security | NetScreen – Web Filtering Report | This report provides information about the changes in category and profiles of web filtering in NetScreen and by whom. |
| Operations | NetScreen – User Logon Success Report | This report provides information related to user logon success for different logon types like SSH, Console, Telnet etc. |
| Operations | NetScreen – User Logoff Report | This report provides information related to user logoff from different terminals. |
| Operations | NetScreen – User Authentication Success Report | This report provides information related to authentication success done for different users from different source addresses. |
| Operations | NetScreen – User Authentication Failed Report | This report provides information related to authentication failure for different users with reasons they got failed. |
| Operations | NetScreen – Intrusion Detection Report | This report provides information related with source IP and ports, destination IP and ports(victim details) and intrusion occurs in NetScreen firewall. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x or later, and Juniper Networks NetScreen Series.
Download Integration Guide for configuration instructions and more information.