Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

Threat Prevention Policy Overview

Threat prevention policies provide protection and monitoring for selected threat profiles, including command and control servers, infected hosts, and malware. Using feeds from Sky ATP and optional custom feeds that you configure, ingress and egress traffic is monitored for suspicious content and behavior. Based on a threat score, detected threats are evaluated and action may be taken once a verdict is reached.

Once policies are configured, the following fields are available on the Security Director main page to provide an overview of each policy.

Table 328: Threat Prevention Policy Fields

Field

Description

Name

The user-created name for the policy.

Profile: C&C Server

Threat score settings overview if selected for the policy. (Otherwise this field is empty.) For example:

Block: 8-10

Monitor: 5-7

Permit: 1-4

Profile: Infected Host

Threat score settings overview if selected for the policy. (Otherwise this field is empty.)

Profile: Malware HTTP

Threat score settings overview if selected for the policy. (Otherwise this is empty.)

Profile: Malware SMTP

Threat score settings overview if selected for the policy. (Otherwise this field is empty.)

Status

This displays the status of the policy. This status is a clickable link you can use to change the policy status. When you first create a policy and assign it to a group, this field reads View Analysis. Read Threat Policy Analysis Overview for more information on this field.

If the status is Update Failed, click Retry to perform the rule analysis again. You can click the Update Failed status to see the corresponding job details. The rule analysis retry option is available only when the status is Update Failed.

Note: If the policy has been updated after it has already been pushed to the endpoint, the status here is Update with a warning icon to notify you the policy has been changed but not pushed.

Policy Enforcement Group

This is the group to which the policy is assigned.

Log

This field displays the log setting for the policy.

Description

The user-created description for the policy.

Benefits of Threat Prevention Policy

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit