Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create a Metadata Streaming Profile

You are here: Security Services > Metadata Streaming Profile.

Create a metadata streaming profile to protect and defend your network from advanced threats using DNS.

To create a metadata streaming profile:

  1. Click + on the upper-right corner of the Metadata Streaming Profile page.

    The Create Metadata Streaming Profile page opens.

  2. Complete the configuration according to the guidelines provided in Table 1.
  3. Click OK to save the changes. To discard your changes, click Cancel.

    Once you create the metadata streaming profile, you can associate it with metadata streaming policies.

    Table 1: Fields on the Create Metadata Streaming Profile Page

    Field

    Action

    Name

    Enter a name for the metadata streaming profile.

    The name must be a unique string and can include alphabets, numbers, or special characters, and 64 characters maximum. Special characters such as & ( ) ] ? " # are not allowed.

    DGA detection

    DGA detection

    Enable to detect DGA-based attacks on DNS packets.

    Action

    Select an action that the SRX Series Firewall will take when a detection is made:

    • Deny—Drops DGA session.

    • Sinkhole—Drops the DGA session and sinkholes the domain.

    • Permit—Permits DGA session.

    Logs

    Select an action to log the event:

    • Log detections—(Recommended) Generates log only for malicious DNS detections.

      Log everything—Generates log for every request (malicious or not) that passes through the device.

    Tunnel detection

    Tunnel detection

    Enable to detect DNS tunneling.

    Action

    Select an action that the SRX Series Firewall will take when a detection is made:

    • Deny—Drops tunnel session.

    • Sinkhole—Drops the tunnel session and sinkholes the domain.

    • Permit—Permits tunnel session.

    Logs

    Select an action to log the event:

    • Log detections—(Recommended) Generates log only for malicious tunnel detections.

      Log everything—Generates log for every request (malicious or not) that passes through the device.

    Encrypted Traffic Insights (ETI)

    Encrypted Traffic Insights (ETI)

    Enable to detect malicious threats that are hidden in encrypted traffic without intercepting and decrypting the traffic.

    Action

    Permits security metadata streaming actions.

    Logs

    Enable to log all security metadata streaming actions.

Related Documentation