- play_arrow Introduction
- play_arrow Dashboard
- play_arrow Monitor
- play_arrow Alerts
- play_arrow Logs
- play_arrow Maps and Charts
- play_arrow Tunnel Status
- play_arrow Service Locations
- play_arrow Advanced Threat Prevention
- Hosts Overview
- Host Details
- Threat Sources Overview
- Threat Source Details
- Reverse Shell Overview
- Add IP Address to Allowlist
- HTTP File Download Overview
- HTTP File Download Details
- Signature Details
- Manual Scanning Overview
- SMB File Download Overview
- SMB File Download Details
- Email Attachments Scanning Overview
- Email Attachments Scanning Details
- DNS DGA Detection Overview
- DNS Tunnel Detection Overview
- DNS DGA and Tunneling Detection Details
- Encrypted Traffic Insights Overview
- Encrypted Traffic Insights Details
- SMTP Quarantine Overview
- IMAP Block Overview
- Telemetry Overview
- play_arrow Reports
- play_arrow Report Definitions
- Report Definitions Main Page Fields
- Create and Manage Threat Assessment Report Definitions
- Create and Manage Application User Usage Report Definitions
- Create and Manage IPS Report Definitions
- Create and Manage Rule Analysis Report Definitions
- Create and Manage Security Events Report Definitions
- Create and Manage Top Talkers Report Definitions
- Create and Manage Network Operations Report Definitions
- Create and Manage URLs Visited Per User Report Definitions
- Create and Manage Log Streaming Report Definitions
- Using Report Definitions
- Editing Report Definitions
- Deleting Report Definitions
- play_arrow Generated Reports
- play_arrow ATP Report Definitions
- play_arrow ATP Generated Reports
- play_arrow Secure Edge Reports
-
- play_arrow SRX Device Management
- play_arrow Devices
- Devices Overview
- Add Devices
- Enroll SRX Series Firewalls from ATP Cloud to Juniper Security Director Cloud
- Disenroll SRX Series Firewall from ATP Cloud
- Device Subscriptions
- Add Licenses
- Import Device Certificates
- Configure Security Logs
- Configuration Versions
- Out-of-Band Changes
- Resolve Out-of-Band Changes
- Resynchronize Devices
- Upgrade Devices
- Reboot Devices
- Delete Devices
- play_arrow Device Groups
- play_arrow Preprovision Profiles
- play_arrow Configuration Templates
- play_arrow Images
- play_arrow Security Packages
-
- play_arrow SRX Security Policy
- play_arrow SRX Security Policies
- play_arrow SRX Security Policy Rules
- Security Policy Rules Overview
- Security Policy Rule Analysis Overview
- Add and Manage Security Policy Rules
- Analyze Security Policy Rules
- Edit, Clone, and Delete a Security Policy Rule
- Reorder a Security Policy Rule
- Configure Default Rule Option
- Select a Security Policy Rule Source
- Select a Security Policy Rule Destination
- Select Applications and Services
- Common Operations on a Security Policy Rule
- Add SRX Policy Rules to Secure Edge Policy (From SRX Policy Page)
- play_arrow SRX Security Policy Versions
- play_arrow Device View
-
- play_arrow SRX IPSec VPN
- play_arrow IPsec VPNs
- IPsec VPN Overview
- Understanding IPsec VPN Modes
- Understanding IPsec VPN Routing
- Understanding IKE Authentication
- IPsec VPN Global Settings
- Create a Policy-Based Site-to-Site VPN
- Create a Route-Based Site-to-Site VPN
- Create a Hub-and-Spoke (Establishment All Peers) VPN
- Create a Hub-and-Spoke (Establishment by Spokes) VPN
- Create a Hub-and-Spoke Auto Discovery VPN
- Create a Remote Access VPN—Juniper Secure Connect
- Importing IPsec VPNs
- Deploy an IPsec VPN
- Modify IPsec VPN Settings
- Delete an IPsec VPN
- play_arrow VPN Profiles
- play_arrow Extranet Devices
-
- play_arrow SRX NAT
- play_arrow NAT Policies
- play_arrow NAT Pools
- Devices with NAT Policies
-
- play_arrow SRX Identity
- play_arrow JIMS
- play_arrow Active Directory
- play_arrow Access profile
- play_arrow Address Pools
-
- play_arrow Secure Edge Service Management
- Juniper Secure Edge Overview
- Service Locations Overview
- Create and Manage Service Locations
- Edit and Delete Service Locations
- Sites Overview
- Create and Manage Sites
- Create and Manage Bulk Sites
- Edit and Delete Sites
- About the IPsec Profiles Page
- Create and Manage IPsec Profiles
- Edit or Delete an IPsec Profile
- External Probe Overview
- play_arrow Secure Edge Security Policy
- Secure Edge Policy Overview
- Add and Manage Secure Edge Policy Rules
- Edit, Clone, and Delete a Secure Edge Policy Rule
- Reorder a Security Policy Rule
- Select a Secure Edge Policy Source
- Select a Secure Edge Policy Destination
- Select Applications and Services
- Common Operations on a Secure Edge Policy
- Deploy Secure Edge Policies
- Add SRX Policy Rules to Secure Edge Policy (From Secure Edge Policy Page)
- play_arrow Secure Edge Security Subscriptions
- IPS Policies Overview
- IPS Policies Overview
- Create and Manage IPS Rules
- Edit, Clone, and Delete IPS Rules
- Create and Manage Exempt Rules
- Edit, Clone, and Delete Exempt Rule
- Web Filtering Profiles Overview
- Web Filtering Profiles Overview
- Create and Manage Web Filtering Profiles
- Edit, Clone, and Delete a Web Filtering Profile
- CASB Overview
- CASB Profiles Overview
- Create and Manage CASB Profiles
- Edit and Delete a CASB Profile
- CASB Rules Overview
- Add and Manage CASB Profile Rules
- Edit and Delete a CASB Rule
- Application Instances Overview
- Create and Manage Application Instances
- Edit and Delete an Application Instance
- Application Tagging Overview
- Content Filtering Policies Overview
- Content Filtering Policies Overview
- Create and Manage Content Filtering Policies
- Add and Manage Content Filtering Policy Rules
- Edit and Delete a Content Filtering Policy
- Edit, Clone, and Delete a Content Filtering Policy Rule
- SecIntel Profiles Overview
- SecIntel Profiles Overview
- Create and Manage Command and Control Profiles
- Create and Manage DNS Profiles
- Create and Manage Infected Hosts Profiles
- Edit, Clone, and Delete SecIntel Profile
- SecIntel Profile Groups Overview
- Create and Manage SecIntel Profile Groups
- Edit, Clone, and Delete SecIntel Profile Group
- Anti-malware Profiles Overview
- About Anti-malware Profiles
- Create and Manage Anti-malware Profiles
- Edit, Clone, and Delete Anti-malware Profile
- Create a DNS Security Profile
- Create an Encrypted Traffic Insights Profile
- play_arrow Secure Edge Service Administration
- Certificate Management Overview
- Certificate Management Overview
- Generate and Manage Certificates
- Upload and Download a Certificate
- Regenerate and Delete a Certificate
- Add Juniper Clouds Root CA Certificate on Microsoft Windows
- Add Juniper Clouds Root CA Certificate on MacOS
- Add Juniper Clouds Root CA Certificate in Google Chrome
- Add Juniper Clouds Root CA Certificate in Mozilla Firefox
- Proxy Auto Configuration Files Overview
- Proxy Auto Configuration (PAC) Files Overview
- Edit, Clone, and Delete a Proxy Auto Configuration File
- Distribute a Proxy Auto Configuration File URL to Web Browsers
- Manually Add a Proxy Auto Configuration File URL to a Web Browser
- Configure an Explicit Proxy Profile
- Decrypt Profiles Overview
- Decrypt Profiles Overview
- Create and Manage Decrypt Profiles
- Edit, Clone, and Delete a Decrypt Profile
- play_arrow Secure Edge Identity
- End User Authentication Overview
- About the End User Authentication Page
- Add and Manage End User Profiles
- Create a SAML Profile
- Create an LDAPS Profile
- Manage the Hosted Database
- Edit and Delete an End User Profile
- Add and Manage Groups
- Edit and Delete a Group
- Juniper Identity Management Service Overview
- Juniper Identity Management Service Overview
- JIMS Collector Onboarding Overview
- Onboard JIMS Collector
- Create JIMS Collector Service Accounts
- Install JIMS Collector
- Configure JIMS Collector to Get Information from the Directory Service
- Configure JIMS Collector to Get Microsoft Event Logs
- Configure JIMS Collector to Probe Unknown IP Addresses
- Delete JIMS Collector
- Authentication Settings Overview
- Configure the Authentication Frequency
- play_arrow Secure Edge CASB and DLP
- play_arrow Shared Services Firewall Policies
- play_arrow Rule Options
- play_arrow Redirect Profiles
-
- play_arrow Shared Services Objects
- play_arrow Addresses
- play_arrow GeoIP
- play_arrow Services
- play_arrow Applications
- play_arrow Schedules
- play_arrow URL Patterns
- play_arrow URL Categories
- play_arrow SSL Initiation Profile
-
- play_arrow Shared Services Advanced Threat Prevention
- Enroll an SRX Series Firewall using Juniper ATP Cloud Web Portal
- Remove an SRX Series Firewall From Juniper Advanced Threat Prevention Cloud
- Search for SRX Series Firewalls Within Juniper Advanced Threat Prevention Cloud
- Device Information
- File Inspection Profiles Overview
- Create File Inspection Profiles
- Email Management Overview
- Configure SMTP Email Management
- Configure IMAP Email Management
- Adaptive Threat Profiling Overview
- Create an Adaptive Threat Profiling Feed
- Allowlists Overview
- Create Allowlists
- Blocklists Overview
- Create Blocklists
- SecIntel Feeds Overview
- Configure DAG Filter
- Global Configuration for Infected Hosts
- Enable Logging
- Configure Threat Intelligence Sharing
- Configure Trusted Proxy Servers
- Configure Webhook
- play_arrow Administration
- play_arrow Subscriptions
- play_arrow Users & Roles
- play_arrow Single Sign-On Configuration
- play_arrow Two-Factor Authentication
- play_arrow Audit Logs
- play_arrow Service Updates
- play_arrow Jobs
- play_arrow Data Management
- play_arrow Log Streaming
- play_arrow URL Recategorization
- play_arrow API Security
- play_arrow Organization
- play_arrow ATP Mapping
- play_arrow ATP Audit Logs
- play_arrow ATP Application Tokens
-
IPS Signatures Overview
IPS compares traffic against signatures of known threats and blocks traffic when a threat is detected. The IPS Signatures page to monitor and prevent intrusions using the signatures. You can view, create, modify, clone, and delete IPS signatures, IPS signature static groups, and IPS signature dynamic groups. You can delete only the customized IPS signatures, static groups, and dynamic groups that are not used in the IPS or exempt rules.
To access this page, select SRX > Security Subscriptions > IPS > IPS Signature.
Field Descriptions - IPS Signatures Page
Field | Description |
|---|---|
Name | The name of the IPS signature, IPS signature static group, or IPS signature dynamic group. Displays the name of the predefined IPS signature. Click the IPS signature name link to view the signature details on the Threat Labs page. The IPS signature link is not available for custom IPS signatures and static or dynamic group. |
Severity | The severity level of the attack that the signature reports. |
Category | The category of the attack object. |
CVE | Displays the Common Vulnerabilities and Exposures (CVE) identifier or name associated with the threat. |
CVSS Score | The Common Vulnerability Scoring System (CVSS) score used as a filter for the dynamic group. |
Activation Date | The date when the IPS signature was activated. |
Type | The type of IPS signature, which include:
|
Recommended | Indicates whether the attack objects are recommended by Juniper Networks (True) or not (False). |
Action | The action taken when the monitored traffic matches the attack objects added in the IPS rules. |
Predefined/Custom | Indicates whether the IPS signature, static group, or dynamic group was system-generated (Predefined) or created by a user (Custom). |
CERT | Displays the computer emergency response team (CERT) advisory number associated with the threat. |
BUG | Displays the list of bugs that are related to the signature attack. |
False Positives | Displays the frequency with which the attack produces a false positive on your network. |
Service | The protocol or service that the attack uses to enter your network. |
Performance Impact | The performance impact of the IPS signature. |
Direction | The direction of the traffic for which the attack is detected, such as client to server. |
Field Descriptions - IPS Signature Details View Page
Field | Description |
|---|---|
General Info | |
Name | The name of the IPS signature. |
Description | The description of the IPS signature. |
URL(s) | Displays the URLs that have the details about the signature attack. For example, http://www.faqs.org/rfcs/rfc2865.html. |
Category | The category of the attack object. See Table 1. |
Recommended | Indicates whether the attack objects are recommended by Juniper Networks (True) or not (False). See Table 1. |
Action | The action taken when the monitored traffic matches the attack objects added in the IPS rules. See Table 1. |
Keywords | The keywords associated with the IPS signature. |
Severity | The severity level of the attack that the signature reports. See Table 1. |
BUGS | Displays the list of bugs that are related to the signature attack. See Table 1. |
CERT | Displays the computer emergency response team (CERT) advisory number associated with the threat. See Table 1. |
CVE | Displays the Common Vulnerabilities and Exposures (CVE) identifier or name associated with the threat. See Table 1. |
Signature Details | |
Binding | The protocol or service that the attack uses to enter your network. |
Service | For service binding, displays the service the attack uses to enter your network. |
Time Count | The number of times that IPS detects the attack in a specified time scope. |
Match Assurance | The positives filter to track attack objects based on the frequency that the attack produces a false positive on your network. |
Performance Impact | The performance impact filter used for the IPS signature. |
Signature | Displays (in a table) the signature attack objects configured as part of the IPS signature. For each row, the following fields are displayed:
|
Field Descriptions - IPS Static Group Details Page
Field | Description |
|---|---|
Name | The name of the IPS signature static group. |
Description | The description of the IPS signature static group. |
Group Members | Displays the IPS signatures or IPS signature dynamic groups that are part of the IPS static group. See Table 1 for an explanation of the fields in the table. To view the details, select a row, click More > Detail, or mouse over a row, and click the Detailed View icon. Depending on the object type, the IPS Signature Details View page or IPS Signature Dynamic Details View page opens. See Table 2 and Table 4 for an explanation of the fields on these pages. |
Field Descriptions - IPS Signature Dynamic Details View Page
Field | Description |
|---|---|
Name | The name of the IPS signature dynamic group. |
Severity | The severity filters used for the dynamic group. |
Service | The service filters used for the dynamic group. |
Category | The category filters used for the dynamic group. |
Recommended | Indicates whether predefined attack objects recommended by Juniper Networks are added to the dynamic group (true) or not (false). |
Excluded | Indicates whether predefined attack objects recommended by Juniper Networks are excluded from the dynamic group (true) or not (false). |
Direction | The traffic direction filters used for the dynamic group. |
Performance Impact | The performance impact filter used for the dynamic group. |
False Positive | The false positive filter used for the dynamic group. |
Age of Attack | The age of the attack in years used as a filter for the dynamic group. |
CVSS Score | The Common Vulnerability Scoring System (CVSS) score used as a filter for the dynamic group. |
File Type | The file type of the attack used as a filter for the dynamic group. |
Vulnerability Type | The vulnerability type of the attack used as a filter for the dynamic group. |
Object Type | The type of the object (anomaly or signature) used as a filter for the dynamic group. |
Vendor Description | The vendor or product that the attack belongs to. |
