Access this page from the Monitor menu.
Note: C&C and Geo IP filtering feeds are only available with a Sky ATP premium license.
Note: When managing Sky ATP with Security Director, you must select a Sky ATP realm from the available pulldown.
The C&C servers page lists information on servers that have attempted to contact and compromise hosts on your network. A C&C server is a centralized computer that issues commands to botnets (compromised networks of computers) and receives reports back from them. Botnets can be used to gather sensitive information, such as account numbers or credit card information, or to participate in a distributed denial-of-service (DDoS) attack.
When a host on your network tries to initiate contact with a possible C&C server on the Internet, the SRX Series device can intercept the traffic and perform an enforcement action based on real-time intelligence feed information that identifies the C&C server IP address and URL.
The following information is available on this page.
Table 32: Command & Control Server Data Fields
Field | Definition |
|---|---|
C&C Server | The IP address of the suspected command and control server. |
C&C Threat Level | The threat level of the C&C server as determined by an analysis of actions and behaviors. |
Hits | The number of times the C&C server has attempted to contact hosts on your network. |
C&C Country | The country where the C&C server is located. |
Last Seen | The date and time of the most recent C&C server hit. |
Protocol | The protocol (TCP or UDP) the C&C server used to attempt communication. |
Client Host | The IP address of the host the C&C server attempted to communicate with. |
Action | The action taken on the communication (permitted or blocked). |
© 2018 Juniper Networks, Inc. All rights reserved