Host Details
Access this page by clicking the Host Identifier from the Monitor > Hosts page. Double-click the host to view summary details and malicious files that have been downloaded.
Use the host details page to view in-depth information about current threats to a specific host by time frame.
For C&C threat sources, you can change the host ID, the investigation status, and the blocked status of the host.
The information provided on the host details page is as follows:
Threat Level | Definition |
---|---|
0 | Clean; no action is required. |
1–3 | Low threat level. Recommendation: Disable this host. |
4–6 | Medium threat level. Recommendation: Disable this host. |
7–10 | High threat level. Host has been automatically blocked. |
Host Identifier—Displays the Juniper ATP Cloud-assigned name of the host. You can edit this name by entering a new name in this field and clicking Save. To return to the default assigned name, click Reset.
Host IP Address—Displays the IP address of the selected host.
MAC Address—This information is only available when Juniper ATP Cloud is used with Policy Enforcer.
Host Status—Displays the current threat level of the host and recommended actions.
Investigation Status—The following states of investigation are available: Open, In progress, Resolved - false positive, Resolved - fixed, and Resolved - ignored.
Policy override for this host—The following options are available: Use configured policy (not included in infected hosts feed), Always include host in infected hosts feed, Never include host in infected hosts feed.
Note: The blocked status changes in relation to the investigation state. For example, when a host changes from an open status (Open or In progress) to one of the resolved statuses, the blocked status changes to allowed and the threat level drops to 0. Also, when the investigation status is changed to resolved, an event is added to the log at the bottom of the page.
Host threat level graph—This is a color-coded graphical representation of threats to this host displayed by time frame. You can change the time frame, and you can slide the graph backward or forward to zoom in or out on certain times. When you zoom in, you can view individual days within a month.
Expand time-frame to separate events—Use this check box to stretch a period of time and see the events spread out individually.
Past threats—The date and status of past threats to this host are listed here. The time frame set previously also applies to this list. The description for each event provides details about the threat and the action taken at the time.