Juniper NETWORKS Security Director Cloud Insights User Guide
- June 15, 2024
- JUNIPER NETWORKS
About This Guide
Use this guide to understand the architecture and deployment of Security Director Cloud Insights.
Overview
Security Director Cloud Insights Overview
Security Director Cloud Insights facilitates automated security operations. It enables you to take effective actions on security events logged by Juniper Networks security products and third party security products. Security Director Cloud Insights displays events that affect a host or events that are impacted by a particular threat source from different security modules. These events provide instantaneous information about the extent of an attack. The application contains an option to verify the incidents using your trusted threat intelligence provider. After you have verified the incidents, you can take preventive and remedial actions using the rich capabilities of our security products.
Benefits
- Reduce the number of alerts across disparate security solutions.
- Quickly react to active threats with one-click mitigation.
- Improve the security operations center (SOC) teams’ ability to focus on the highest priority threats.
Security Director Cloud Insights Architecture
Figure 1: Security Director Cloud Insights Architecture
The Security Director Cloud Insights collector collects and aggregates SRX logs and third party logs.
Some of the features in Security Director Cloud use the SRX logs. You can monitor the incidents and mitigate the events based on your network requirements.
Security Director Cloud Insights receives SRX logs from Juniper Secure Edge or Juniper SRX firewalls that are managed by Security Director Cloud. If you have third party security products, Security Director Cloud Insights also receives logs from those products. Security Director Cloud Insights correlates the security application logs to show you the most important security incidents in your organization. Security Director Cloud ingests all the security events from different sources and provides a unified view to users.
Security Director Cloud Insights supports the following log collector types:
- Cloud collector—Enable the cloud collector if you receive SRX logs from Juniper Secure Edge or Security Director Cloud managed SRX firewalls. By default, the cloud collector is enabled.
- On-premises collector—If you have a third party log source, such as McAfee, you can deploy the Security Director Cloud Insights on-premises collector. You can redirect the output from third party security products to the Security Director Cloud Insights on-premises collector. Logs are then filtered and sent to Security Director Cloud.
If you have any third party security product, you’ll need to download the Security Director Cloud Insights on-premises collector OVA file from the download site and deploy it. See Deploy and Configure Security Director Cloud Insights On-premises Collector.
Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered
trademarks of Juniper Networks, Inc. in the United States and other countries.
All other trademarks, service marks, registered marks, or registered service
marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this
document. Juniper Networks reserves the right to change, modify, transfer, or
otherwise revise this publication without notice.
Security Director Cloud Insights On-premises Collector Deployment Guide
Copyright © 2023 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
Deploy On-premises Collector
Deploy and Configure Security Director Cloud Insights On-premises Collector with Open Virtualization Appliance (OVA) Files
Security Director Cloud Insights requires VMware ESXi server version 6.5 or later to support a virtual machine (VM) with the following configurations:
- 16 CPUs
- 24-GB RAM
- 1.2-TB disk space
If you are not familiar with using VMware ESXi servers, see VMware Documentation and select the appropriate VMware vSphere version.
To deploy and configure the Security Director Cloud Insights on-premises collector with OVA files, perform the following tasks:
1. Download the Security Director Insights Cloud – Collector VM OVA image from the Juniper Networks software download page.
   NOTE: Do not change the name of the Security Director Cloud Insights VM image file that you download from the Juniper Networks support site. If you change the name of the image file, the creation of the Security Director Cloud Insights VM may fail.
2. Launch the vSphere Client that is connected to the ESXi server where the Security Director Cloud Insights VM is to be deployed.
3. Select File > Deploy OVF Template.
   The Deploy OVF Template page appears, as shown in Figure 2.
   Figure 2: Select an OVF Template Page
4. In the Select an OVF template page, select the URL option if you want to download the OVA image from the internet, or select Local file to browse the local drive and upload the OVA image.
5. Click Next.
   The Select a name and folder page appears.
6. Specify the OVA name and the installation location for the VM, and click Next.
   The Select a compute resource page appears.
7. Select the destination compute resource for the VM, and click Next.
   The Review details page appears.
8. Verify the OVA details and click Next.
   The License agreements page appears, as shown in Figure 3.
   Figure 3: License Agreement Page
9. Accept the EULA and click Next.
   The Select storage page appears.
10. Select the destination file storage for the VM configuration files and the disk format. (Thin Provision is for smaller disks and Thick Provision is for larger disks.)
    Click Next. The Select networks page appears.
11. Select the network interfaces for the VM.
    Configure IP allocation for DHCP or Static addressing. We recommend using Static IP Allocation Policy.
    Click Next. The Customize template page appears. For DHCP instructions, see Step 13.
12. For IP allocation as Static, configure the following parameters for the VM:
    - IP address—Enter the Security Director Cloud Insights VM IP address.
    - Netmask—Enter the netmask.
    - Gateway—Enter the gateway address.
    - DNS Address 1—Enter the primary DNS address.
    - DNS Address 2—Enter the secondary DNS address.
    Figure 4: Customize Template Page
13. For IP allocation as DHCP, enter the search domain, hostname, device name, and device description for the VM.
    We recommend this option only for the Proof of Concept type of short-term deployments. Do not use this option.
    Click Next. The Ready to complete page appears, as shown in Figure 5.
    Figure 5: Ready to Complete Page
14. Verify all the details and click Finish to begin the OVA installation.
15. After the OVA is installed successfully, power on the VM and wait for the boot-up to complete.
16. After the VM powers on, in the CLI terminal, log in as administrator with the default username “admin” and password “abc123”.
    After you log in, the system prompts you to change the default admin password. Enter a new password to change the default password, as shown in Figure 6.
    Figure 6: Default Admin Password Reset
17. Follow the wizard to configure the network details (hostname, connection and so on) on the cloud.
After you deploy the Security Director Cloud Insights VM, if you want to change the tenant to which the on-premises collector is connected, go to the CLI and run the sdic configure command. The format of the command is sdic configure .
The Security Director Cloud Insights on-premises collector deployment is now complete.
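A preflight check for the values this procedure asks for, as an added example (not Juniper's code): it tests a planned deployment against the VM minimums stated above and sanity-checks the static IP parameters entered on the Customize template page. The `plan` dictionary, its key names and the sample addresses are assumptions made for illustration, and the ESXi version is assumed to be a plain dotted number such as 7.0.

```python
import ipaddress

# Minimums stated in the guide for the on-premises collector VM.
MIN_ESXI, MIN_CPUS, MIN_RAM_GB, MIN_DISK_TB = (6, 5), 16, 24, 1.2

def preflight(plan):
    """Return a list of problems in a planned deployment; empty means OK.

    `plan` is a hypothetical dict; its keys are assumptions for this example.
    """
    problems = []
    esxi = tuple(int(part) for part in plan["esxi_version"].split(".")[:2])
    if esxi < MIN_ESXI:
        problems.append("ESXi version is older than 6.5")
    if plan["cpus"] < MIN_CPUS:
        problems.append("fewer than 16 CPUs")
    if plan["ram_gb"] < MIN_RAM_GB:
        problems.append("less than 24 GB RAM")
    if plan["disk_tb"] < MIN_DISK_TB:
        problems.append("less than 1.2 TB disk space")

    # Static addressing parameters from the Customize template step.
    try:
        iface = ipaddress.ip_interface(f"{plan['ip']}/{plan['netmask']}")
        gateway = ipaddress.ip_address(plan["gateway"])
        dns1 = ipaddress.ip_address(plan["dns1"])
        dns2 = ipaddress.ip_address(plan["dns2"])
    except ValueError as exc:
        return problems + [f"invalid address or netmask: {exc}"]
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("VM IP is the network or broadcast address")
    if gateway not in net:
        problems.append("gateway is outside the VM subnet")
    elif gateway == iface.ip:
        problems.append("gateway is the same as the VM IP")
    if dns1 == dns2:
        problems.append("DNS Address 1 and DNS Address 2 are identical")
    return problems

# Constructed sample plan (documentation address range 192.0.2.0/24).
SAMPLE_PLAN = {
    "esxi_version": "7.0", "cpus": 16, "ram_gb": 24, "disk_tb": 1.2,
    "ip": "192.0.2.10", "netmask": "255.255.255.0", "gateway": "192.0.2.1",
    "dns1": "192.0.2.53", "dns2": "192.0.2.54",
}

if __name__ == "__main__":
    for problem in preflight(SAMPLE_PLAN) or ["plan passes preflight"]:
        print(problem)
```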