    Command and Control Servers Overview

    Access this page from the Monitor menu.

    Note: C&C and Geo IP filtering feeds are only available with a Sky ATP premium license.

    Note: When managing Sky ATP with Security Director, you must select a Sky ATP realm from the available pulldown.

    The C&C servers page lists information on servers that have attempted to contact and compromise hosts on your network. A C&C server is a centralized computer that issues commands to botnets (compromised networks of computers) and receives reports back from them. Botnets can be used to gather sensitive information, such as account numbers or credit card information, or to participate in a distributed denial-of-service (DDoS) attack.

    When a host on your network tries to initiate contact with a possible C&C server on the Internet, the SRX Series device can intercept the traffic and perform an enforcement action based on real-time intelligence feed information that identifies the C&C server IP address and URL.

    • Export Data—Click the Export button to download C&C data to a CSV file. You are prompted to narrow the download to a selected time frame.
    • Report False Positives—Click the FP/FN button to open a new screen from which you can send a report to Juniper Networks about a false positive or a false negative. Juniper investigates the report, but submitting it does not change the verdict. If you want to make a correction (for example, mark a host as clean), you must do so manually.

    The following information is available on this page.

    Table 1: Command & Control Server Data Fields

    Field: Definition

    C&C Server: The IP address of the suspected command and control server.

    C&C Threat Level: The threat level of the C&C server, as determined by an analysis of its actions and behaviors.

    Hits: The number of communication attempts observed between hosts on your network and the C&C server.

    C&C Country: The country where the C&C server is located.

    Last Seen: The date and time of the most recent hit involving the C&C server.

    Protocol: The protocol (TCP or UDP) used in the attempted communication with the C&C server.

    Client Host: The IP address of the host on your network that communicated, or attempted to communicate, with the C&C server.

    Action: The action taken on the communication (permitted or blocked).
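    The fields in Table 1 are also what you get from the Export button, and since the page notes that a verdict is never corrected automatically, the follow-up an analyst usually wants is a quick triage of that export: total hits per C&C server, and the client hosts whose traffic to a high-threat server was permitted rather than blocked (those hosts still need manual handling). The script below is an added example, not Juniper's code; the column names are taken from Table 1, but the CSV layout, the date format, the 1-10 threat-level scale and the sample rows are assumptions and constructed data, not a real export.

```python
"""Triage an exported Sky ATP C&C server CSV (added example, not Juniper's code).

Column names follow Table 1 on this page. The CSV layout, the date format,
the 1-10 threat-level scale and the rows in SAMPLE_CSV are assumptions /
constructed data, not a real export.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export (documentation IP ranges, not real servers).
SAMPLE_CSV = """\
C&C Server,C&C Threat Level,Hits,C&C Country,Last Seen,Protocol,Client Host,Action
203.0.113.7,9,14,Unknown,2017-08-01 10:21:05,TCP,10.1.1.25,blocked
203.0.113.7,9,3,Unknown,2017-08-02 08:02:44,TCP,10.1.1.40,permitted
198.51.100.23,4,1,Unknown,2017-08-03 19:45:10,UDP,10.1.2.7,permitted
192.0.2.99,8,6,Unknown,2017-08-05 23:12:01,TCP,10.1.1.25,permitted
"""


def parse_export(text):
    """Parse the CSV text into dicts with typed threat level, hits and timestamp."""
    rows = []
    for raw in csv.DictReader(io.StringIO(text)):
        rows.append({
            "server": raw["C&C Server"].strip(),
            "threat_level": int(raw["C&C Threat Level"]),
            "hits": int(raw["Hits"]),
            "country": raw["C&C Country"].strip(),
            # Assumed timestamp format; adjust to match your export.
            "last_seen": datetime.strptime(raw["Last Seen"].strip(), "%Y-%m-%d %H:%M:%S"),
            "protocol": raw["Protocol"].strip().upper(),
            "client_host": raw["Client Host"].strip(),
            # Table 1 says the action is "permitted" or "blocked"; normalise case.
            "action": raw["Action"].strip().lower(),
        })
    return rows


def hits_per_server(rows):
    """Total hits per C&C server across all client hosts."""
    totals = defaultdict(int)
    for r in rows:
        totals[r["server"]] += r["hits"]
    return dict(totals)


def most_recent_contact(rows, server):
    """Latest Last Seen timestamp for a server, or None if it is not in the export."""
    seen = [r["last_seen"] for r in rows if r["server"] == server]
    return max(seen) if seen else None


def permitted_high_threat(rows, threshold=7):
    """Rows where traffic to a high-threat C&C server was permitted, not blocked.

    The SRX did not enforce on these flows, so the client host may still be
    talking to the C&C server; the page notes such corrections are manual.
    Sorted by threat level, then hits, so the worst cases come first.
    """
    flagged = [r for r in rows
               if r["action"] == "permitted" and r["threat_level"] >= threshold]
    return sorted(flagged, key=lambda r: (-r["threat_level"], -r["hits"], r["last_seen"]))


def hosts_needing_review(rows, threshold=7):
    """Distinct client hosts that reached a high-threat server unblocked."""
    return sorted({r["client_host"] for r in permitted_high_threat(rows, threshold)})


if __name__ == "__main__":
    rows = parse_export(SAMPLE_CSV)
    for server, total in sorted(hits_per_server(rows).items(), key=lambda kv: -kv[1]):
        last = most_recent_contact(rows, server)
        print(f"{server}: {total} hits, last seen {last:%Y-%m-%d %H:%M}")
    for r in permitted_high_threat(rows):
        print(f"REVIEW {r['client_host']} -> {r['server']} "
              f"(threat {r['threat_level']}, {r['hits']} hits, {r['action']})")
    print("hosts needing manual review:", ", ".join(hosts_needing_review(rows)))
```

    Run it against a real export by replacing SAMPLE_CSV with the file contents; if your export uses a different timestamp format or threat scale, change the strptime pattern and the threshold accordingly. Note that a blocked row is not a clean bill of health for the host either: it still tried to reach the server, so the blocked rows are worth correlating with the permitted ones for the same Client Host (10.1.1.25 in the sample).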

    Modified: 2017-08-08