https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/concept/sky-atp-integrated-feeds.html

SecIntel provides carefully curated and verified threat intelligence from
1- Juniper Networks’ Advanced Threat Prevention (ATP) Cloud,
2- Juniper Threat Labs, and
3- industry-leading threat feeds

to
A- MX Series routers,
B- SRX Series Services Gateways, and
C- NFX Series Network Services Platform

to block Command and Control (C&C) communications at line rate.

SecIntel delivers real-time threat intelligence by enabling automatic and responsive traffic filtering.

Create Profile

set services security-intelligence profile secintel_profile category CC

set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 10

set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 9

set services security-intelligence profile secintel_profile rule secintel_rule then action block close

set services security-intelligence profile secintel_profile rule secintel_rule then log

set services security-intelligence profile secintel_profile default-rule then action permit

set services security-intelligence profile secintel_profile default-rule then log

Create Policy

set services security-intelligence policy secintel_policy Infected-Hosts ih_profile

set services security-intelligence policy secintel_policy CC secintel_profile

Apply Policy

set security policies from-zone trust to-zone untrust policy 1 then permit application-services security-intelligence-policy secintel_policy
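
A reference check over the commands above, as an added example that is not part of the original page or of Juniper's tooling: it parses set-format SecIntel configuration and reports profiles that a policy references but the configuration never defines (on this page, ih_profile), category mismatches, and SecIntel policies that are applied without being defined or defined without being applied. The name lint_secintel and the regular expressions are this example's own, and it assumes the category named in a policy line should equal the category of the profile it references.

```python
import re

# The page's own commands in set format; everything else here is the example's own.
PAGE_CONFIG = """\
set services security-intelligence profile secintel_profile category CC
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 10
set services security-intelligence profile secintel_profile rule secintel_rule match threat-level 9
set services security-intelligence profile secintel_profile rule secintel_rule then action block close
set services security-intelligence profile secintel_profile rule secintel_rule then log
set services security-intelligence profile secintel_profile default-rule then action permit
set services security-intelligence profile secintel_profile default-rule then log
set services security-intelligence policy secintel_policy Infected-Hosts ih_profile
set services security-intelligence policy secintel_policy CC secintel_profile
set security policies from-zone trust to-zone untrust policy 1 then permit application-services security-intelligence-policy secintel_policy
"""

SI = r"set services security-intelligence "
PROFILE_CAT = re.compile(SI + r"profile (\S+) category (\S+)$")
PROFILE_ANY = re.compile(SI + r"profile (\S+) ")
POLICY_REF = re.compile(SI + r"policy (\S+) (\S+) (\S+)$")
APPLIED = re.compile(r"set security policies .* security-intelligence-policy (\S+)$")

def lint_secintel(config):
    """Return a sorted list of reference problems found in set-format SecIntel config."""
    categories, profiles, policies, applied = {}, set(), {}, set()
    for line in (l.strip() for l in config.splitlines()):
        if m := PROFILE_CAT.match(line):      # profile <name> category <category>
            categories[m.group(1)] = m.group(2)
        if m := PROFILE_ANY.match(line):      # any statement under profile <name>
            profiles.add(m.group(1))
        if m := POLICY_REF.match(line):       # policy <name> <category> <profile>
            policies.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        if m := APPLIED.match(line):          # firewall policy that applies SecIntel
            applied.add(m.group(1))
    problems = []
    for policy, refs in policies.items():
        for category, profile in refs:
            if profile not in profiles:
                problems.append(f"policy {policy}: profile {profile} is not defined")
            elif categories.get(profile) != category:
                problems.append(f"policy {policy}: {profile} is category {categories.get(profile)}, not {category}")
    for policy in applied - policies.keys():
        problems.append(f"security policy applies undefined SecIntel policy {policy}")
    for policy in policies.keys() - applied:
        problems.append(f"SecIntel policy {policy} is never applied to a security policy")
    return sorted(problems)

if __name__ == "__main__":
    for problem in lint_secintel(PAGE_CONFIG):
        print(problem)
```

Run against the page's commands, the only finding is the ih_profile reference, so an Infected-Hosts profile with that name has to exist on the device before this policy can be used as written.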