dynamic-attack-group
Syntax
dynamic-attack-group name {
    filters {
        age-of-attack {
            greater-than value;
            less-than value;
        }
        category {
            values [ values ... ];
        }
        cvss-score {
            greater-than value;
            less-than value;
        }
        direction {
            expression (and | or);
            values (any | client-to-server | exclude-any | exclude-client-to-server | exclude-server-to-client | server-to-client);
        }
        Excluded {
        }
        no-excluded {
        }
        false-positives {
            values (frequently | occasionally | rarely | unknown);
        }
        file-type {
            values [ values ... ];
        }
        performance {
            values (fast | normal | slow | unknown);
        }
        (recommended | no-recommended);
        service {
            values [ values ... ];
        }
        severity {
            values (critical | info | major | minor | warning);
        }
        type {
            values (anomaly | signature);
        }
        vendor name {
            product-name product-name;
        }
        vulnerability-type {
            values [ values ... ];
        }
    }
}
Hierarchy Level
[edit security idp]
[edit tenants tenant-name security idp]
Description
Configure a dynamic attack group. A dynamic attack group selects its members based on the filters specified in the group. Therefore, the list of member attacks is updated (attacks are added or removed) when a new signature database is used.
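A sample configuration using filters from the syntax above, added here as an illustration and not taken from the original page. The group name DAG-CRITICAL-C2S, the policy name IDP-EDGE, and the rule name R1 are hypothetical, and the last three lines assume the group is referenced from an IPS rulebase rule.

```junos
# Enter these from configuration mode. Names in capitals are hypothetical.
# The group's members are whichever attacks in the installed signature
# database match these filters, so membership changes after a database update.
set security idp dynamic-attack-group DAG-CRITICAL-C2S filters type values signature
set security idp dynamic-attack-group DAG-CRITICAL-C2S filters severity values critical
set security idp dynamic-attack-group DAG-CRITICAL-C2S filters severity values major
set security idp dynamic-attack-group DAG-CRITICAL-C2S filters direction values client-to-server
set security idp dynamic-attack-group DAG-CRITICAL-C2S filters false-positives values rarely
set security idp dynamic-attack-group DAG-CRITICAL-C2S filters recommended

# Assumed usage: match the group in an IPS rule, apply the recommended
# action for each attack, and log matches for review.
set security idp idp-policy IDP-EDGE rulebase-ips rule R1 match attacks dynamic-attack-groups DAG-CRITICAL-C2S
set security idp idp-policy IDP-EDGE rulebase-ips rule R1 then action recommended
set security idp idp-policy IDP-EDGE rulebase-ips rule R1 then notification log-attacks
```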
Options
dynamic-attack-group-name—Name of the dynamic attack group.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.3.
The expression option was added in Junos OS Release 11.4.
Additional filter tags for dynamic attack groups (CVSS score, age-of-attack, file-type, and vulnerability-type) were added in Junos OS Release 18.2R1 for dynamic grouping of IDP signatures. The Product and Vendor tags were already supported under the existing products filter. Starting in 18.2R1, the CLI is more user friendly when you configure these tags, because possible completions are available.
The Excluded and no-excluded filters were added in Junos OS Release 19.1R1.