Create and Manage Adaptive Threat Profiling Feeds

You can create and manage adaptive threat profiling feeds to configure security or intrusion detection/prevention (IDP) policies. This feature allows you to track and mitigate threats within your network.

Juniper Secure Edge that is enrolled with Juniper ATP Cloud should include all the necessary configuration to begin using adaptive threat profiling.

To add a new adaptive threat profiling feed:

  1. Select Security > Advanced Threat Prevention > Adaptive Threat Profiling.

    The Adaptive Threat Profiling page appears.

  2. Click the plus sign (+).

    The Add New Feed page appears as shown in Figure 1.

    Figure 1: Add New Feed Settings
  3. Complete the configuration according to the guidelines provided in Table 1.
  4. Click OK to save the changes.

    The feeds can only be used as DAG or IP filters.

    Table 1: Add New Feed Settings

    | Setting | Description |
    |---|---|
    | Feed Name | Enter a unique name for the threat feed. The feed name must begin with an alpha-numeric character and can include letters, numbers, and underscores; no spaces are allowed. The length is 8–63 characters. |
    | Type | Select the content type of the feed. The following options are available: IP, User ID. |
    | Data Source | The data source (User Policy) of the feed is auto-selected. You cannot modify this field. |
    | Time to Live | Enter the number of days for the required feed entry to be active. After the feed entry crosses the time to live (TTL) value, the feed entry is automatically removed. The available range is 1–365 days. |
    | Add to Infected Hosts | (Optional) Enable this setting to add the contents (for example, source or destination IP address) from this feed to the Infected host feed. |

    You can add only the IP address feed type to the Infected host feed.

    You can create a maximum of 64 feeds and add all 64 feeds to the infected host feeds.

    Ensure that the feed is downloaded by the Juniper Secure Edge. This download is done automatically at regular intervals but can take a few seconds.
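
The limits in Table 1 can be checked against a planned set of feeds before the values are entered in the portal. The following is an added example, not Juniper code: the dictionary keys, function name, and sample feed names are hypothetical, and exact-match name uniqueness is an assumption.

```python
import re

# Limits taken from Table 1 on this page.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_]{7,62}")  # 8-63 characters in total
FEED_TYPES = {"IP", "User ID"}
TTL_DAYS = range(1, 366)  # 1-365 days
MAX_FEEDS = 64


def validate_feed_plan(feeds):
    """Return a list of (feed_name, problem) tuples; an empty list means the plan is clean.

    `feeds` is a list of dicts with the hypothetical keys
    name, type, ttl_days and add_to_infected_hosts.
    """
    problems = []
    if len(feeds) > MAX_FEEDS:
        problems.append(("<plan>", f"{len(feeds)} feeds exceeds the maximum of {MAX_FEEDS}"))
    seen = set()
    for feed in feeds:
        name = feed.get("name", "")
        if not NAME_RE.fullmatch(name):
            problems.append((name, "name must be 8-63 characters, start with a letter or "
                                   "digit, and use only letters, digits and underscores"))
        if name in seen:  # assumption: uniqueness is an exact string match
            problems.append((name, "duplicate feed name"))
        seen.add(name)
        if feed.get("type") not in FEED_TYPES:
            problems.append((name, "type must be IP or User ID"))
        ttl = feed.get("ttl_days")
        if not isinstance(ttl, int) or ttl not in TTL_DAYS:
            problems.append((name, "time to live must be 1-365 days"))
        if feed.get("add_to_infected_hosts") and feed.get("type") != "IP":
            problems.append((name, "only IP feeds can be added to the Infected host feed"))
    return problems


# Constructed sample plan; the feed names are made up for illustration.
SAMPLE_PLAN = [
    {"name": "idp_high_sev_sources", "type": "IP", "ttl_days": 30, "add_to_infected_hosts": True},
    {"name": "vpn users", "type": "User ID", "ttl_days": 14, "add_to_infected_hosts": False},
    {"name": "risky_user_ids", "type": "User ID", "ttl_days": 400, "add_to_infected_hosts": True},
]

if __name__ == "__main__":
    for name, problem in validate_feed_plan(SAMPLE_PLAN):
        print(f"{name!r}: {problem}")
```
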

Manage Adaptive Threat Profiling Feeds

  • Edit—Select the feed, and then click the pencil icon.

  • Delete—Select the feed, and then click the trash can icon.

  • Filter—You can filter by feed type and Time to Live (days). Click the filter icon.

  • View—To view detailed information about a feed, click a feed name to view the following information:

    • Feed Items—List of all the IP addresses or User IDs that are associated with the feed. To exclude an IP address or User ID from the feed, select the IP address or User ID and click Add to Excluded Items.

    • Excluded Items—List of all the IP addresses or User IDs that are excluded from the feed. To remove an IP address or User ID from the excluded items list, select the IP address or User ID and click the trash can icon.

      To manually exclude an IP address or User ID from the feed:

      1. Click the plus icon in the Excluded Items tab.

        The Add to Excluded List page is displayed.

      2. Enter the IP address or User ID that you want to exclude from the feed.

      3. Click OK.

        The IP address or User ID is listed in the Excluded items page.