HTTP File Download Overview

Access the HTTP File Download page from the Monitor > Files > HTTP File Downloads menu.

Benefits of viewing HTTP File Downloads

  • Allows you to view a compiled list of suspicious downloaded files all in one place, including the signature, threat level, URL, and malware type.

  • Allows you to filter the list of downloaded files by individual categories.

Export Data—Click the Export button to download file scanning data to a CSV file. You are prompted to narrow the data download to a selected time frame.

The following information is available on this page.

Table 1: HTTP Scanning Data Fields

Field

Definition

Detection Engine

Displays the name of the detection engine with the highest confidence in threat detection. For more information, see Table 2.

Other detection engines can also reach the same verdict.

When two or more detection engines detect the same malware, the verdict engine determines which detection engine is displayed in this column.

Signature ID / SHA-256 / ML Hit

If applicable, the Signature ID uniquely identifies the signature that is triggered for this detection; otherwise, the SHA-256 file hash is displayed.

  • If a full file is uploaded to the Juniper ATP Cloud, a hash of the file is displayed in this column.

  • If the file is blocked and the transfer is interrupted on the SRX Series Firewall, a Signature ID is displayed.

  • If the file is detected by the inline machine learning (ML)-based threat detection engine on the SRX Series Firewall, "N/A" is displayed in this column.

Threat Level

The threat score. Click the three vertical dots at the top of the column to filter the information on the page by threat level.

Filename

The name of the file, including the extension

Last Submitted

The time and date of the most recent scan of the file

URL

The URL from which the file originated

Malware Name

The name of the file and the type of threat if the verdict is positive for malware. Examples: Trojan, Application, Adware. If the file is not malware, the verdict is "clean."

Category

The type of file. Examples: Portable Document Format, executable, document

Table 2: Detection Engines

Detection Engine Names

Description

AI-PTP E

Juniper’s on-device ML flow-based antivirus

AI-PTP P

Juniper’s on-device flow-based antivirus

Allowlist

Known clean override

AntiVirus A

Commercial antivirus

AntiVirus B

Commercial antivirus

AntiVirus M

Commercial cloud multi-antivirus engine

Blocklist

Known clean override

Clean Override

Known clean override

Dynamic ML C

Juniper’s sandbox-based ML

Dynamic ML D

Juniper’s sandbox-based ML

Dynamic ML N

Juniper’s cloud sandbox-based ML

Reputation

File hash reputation

Static ML G

Juniper’s cloud ML antivirus

Static ML J

Commercial cloud static antivirus

Static ML P

Juniper’s ML engines using file attributes

Yara

Juniper’s Yara engine signatures
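
The following is an added example, not Juniper code: it triages an exported CSV by reading the Signature ID / SHA-256 / ML Hit column the way Table 1 describes it (file hash, Signature ID, or "N/A") and collects the hashes of high-scoring files for follow-up. It assumes the export's header row uses the Table 1 field names and that Threat Level is a numeric score; the threshold of 7 and all sample rows are constructed.

```python
import csv
import io
import re
from collections import Counter

# Assumption: the export's header row uses the field names from Table 1.
ID_COL = "Signature ID / SHA-256 / ML Hit"
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")

# Constructed sample rows (not real detections); Threat Level assumed numeric.
SAMPLE_CSV = """Detection Engine,Signature ID / SHA-256 / ML Hit,Threat Level,Filename,Last Submitted,URL,Malware Name,Category
Static ML G,{h},9,invoice.exe,2024-01-02 10:00,http://files.example.test/invoice.exe,Trojan,executable
AI-PTP P,1234567,10,setup.exe,2024-01-02 10:05,http://files.example.test/setup.exe,Trojan,executable
AI-PTP E,N/A,8,tool.exe,2024-01-02 10:07,http://files.example.test/tool.exe,Application,executable
Allowlist,{c},0,report.pdf,2024-01-02 10:09,http://docs.example.test/report.pdf,clean,Portable Document Format
""".format(h="ab" * 32, c="cd" * 32)


def classify_identifier(value):
    """Map the identifier column to the detection path Table 1 describes."""
    value = value.strip()
    if value.upper() == "N/A":
        return "inline-ml"       # detected by the inline ML engine on the SRX
    if SHA256_RE.fullmatch(value):
        return "sha256"          # full file was uploaded to Juniper ATP Cloud
    if value:
        return "signature-id"    # blocked, transfer interrupted on the SRX
    return "unknown"             # empty cell: do not guess


def triage(csv_text, min_threat=7):
    """Return (row counts per detection path, hashes at or above min_threat)."""
    paths, hashes = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ident = row.get(ID_COL) or ""
        kind = classify_identifier(ident)
        paths[kind] += 1
        try:
            level = int(row.get("Threat Level") or "")
        except ValueError:
            continue  # non-numeric threat level: row is counted, not scored
        if kind == "sha256" and level >= min_threat:
            hashes.append((row.get("Filename") or "", ident.strip().lower()))
    return dict(paths), hashes


if __name__ == "__main__":
    print(triage(SAMPLE_CSV))
```

Only rows that carry a SHA-256 can be looked up by hash elsewhere; rows with a Signature ID or "N/A" were handled on the SRX Series Firewall and have no hash in this column.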