Using Quick Setup for Sky ATP
See Sky ATP Features for an overview of Sky ATP.
For configuring Sky ATP policies, quick setup is the most efficient
way to complete your initial configuration. If you are using Sky ATP
with Policy Enforcer, you should use quick setup for PE Setup with
Sky ATP instead. Find those instructions here: Using Quick Setup for Sky ATP with Policy Enforcer.
Note: A Sky ATP license and account are needed for all threat
prevention types (Sky ATP with PE, Sky ATP, and Cloud Feeds only).
If you do not have a Sky ATP license, contact your local sales office
or Juniper Networks partner to place an order for a Sky ATP premium
license. If you do not have a Sky ATP account when you configure Sky
ATP, you are redirected to the Sky ATP server to create one. Please
obtain a license before you try to create a Sky ATP account. Refer
to Installing Policy Enforcer for instructions on obtaining a Sky ATP premium license.
Quick setup is located under Configure > Quick Setup > Sky ATP. Click Start Setup to begin.
Procedure
- Add a Sky ATP Realm—If you have not created a realm from within your Sky ATP account, you can create it here by clicking the + sign. Once you add a realm, you can enroll SRX Series devices into the realm. A security realm is a group identifier for an organization used to restrict access to Web applications. You can create one or multiple realms. A realm has the following configuration fields:
  - Username and Password—These are credentials you must provide, obtained through your Sky ATP account.
  - Realm—This is the name of the realm you are creating.
  - Click Add devices to enroll them in threat prevention before proceeding to the next step. Devices designated as perimeter firewalls are automatically enrolled with Sky ATP.
- Create a Policy—You create a name for the policy, choose one or more profile types depending on the type of threat prevention this policy provides (C&C Server, Infected Host, Malware), and select a log setting. Once configured, threat prevention policies are located under Configure > Threat Prevention > Policies. A policy has the following fields:
  - Name and Description.
  - Profiles—The type of threat this policy manages:
    - C&C Server (Command and Control Server)—A C&C server is a centralized computer that issues commands to botnets (compromised networks of computers) and receives reports back from them. A C&C profile provides information on C&C servers that have attempted to contact and compromise hosts on your network. Information such as IP address, threat level, and country of origin is gathered.
    - Infected Host—An infected host profile provides information on compromised hosts and their associated threat levels. Host information includes IP address, threat level, blocked status, when the threat was seen, command and control hits, and malware detections.
    - Malware—A malware profile provides information on files downloaded by hosts and found to be suspicious based on known signatures or URLs. The filename, file type, signature, date and time of download, download host, URL, and file verdict are gathered.
  - Logging—All traffic is logged by default. Use the pulldown to narrow the types of traffic to be logged.
- The last page is a summary of the items you have configured. Click OK to be taken to the Policies page under Configure > Threat Prevention, where your policy is listed.
Note: When you are using Sky ATP without Policy Enforcer, you must assign the policy to a firewall rule before it can take effect. Navigate to Configure > Firewall Policy > Policies. In the Advanced Security column, click an existing item to access the Edit Advanced Security page and select the Threat Prevention Policy from the Threat Prevention pulldown list.