Juniper Security Director Cloud User Guide

Create and Manage Metadata Streaming Profiles to Detect DGA-Based Threats

14-Feb-25
  1. In the Metadata Streaming Profiles section, click +.
    The Create Metadata Streaming Profile page is displayed.
  2. Enter a unique profile name of up to 63 alphanumeric characters. You can also use special characters such as _ and -.
  3. In the DNS section, enable the DGA detection toggle button.
  4. Select the action that must be performed if a threat is detected:
    • Deny—Drop the session.

    • Sinkhole—Drop the session and sinkhole the request domain.

      Note:

      To sinkhole a request domain, you must configure the sinkhole settings for the device. To configure the settings from Juniper Security Director Cloud, click the device name on the Devices page and then click Junos Detailed Configurations > Services > Dns Filtering > Sinkhole.

    • Permit—Permit the session.

  5. Select how you want to log a request:
    • Log detections—Log the request only if a threat is detected.

    • Log everything—Log all requests received by the device.

  6. Enable the Fallback options log toggle button to log the request if no threat is detected.
  7. In the Verdict timeout text box, enter the duration for which the device must wait for a response from Juniper Security Director Cloud.
  8. To store DNS requests in cache, enable the Cache TTL toggle button and enter the duration for which requests from benign and command-and-control (C2) domains must be stored.
  9. Click OK.
    The metadata streaming profile is created and displayed on the Metadata Streaming Policy page.
Manage Metadata Streaming Profiles
  • Edit—Select the profile, and then click .

  • Clone—Select the profile, and then click More > Clone.

    Note:

    By default, the profile name is suffixed with _copy_1.

  • Delete—Select the profile, and then click .
