Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

About the Feed Sources Page

 

To access this page, click Configure > Threat Prevention > Feed Sources.

Policy Enforcer uses threat feeds to provide actionable intelligence to policies about various types of threats. These feeds can come from different sources, such as Sky ATP, Juniper ATP, and from lists that you can customize by adding IP addresses, domains, and URLs.

You can add allowlist and blocklist in Sky ATP and as well as in Custom feeds. When you add an allowlist or blocklist in Custom feeds, a warning message shows that it will erase the existing allowlist or a blocklist in Sky ATP, if any. You can only have one source for allowlist, blocklist, and infected host feeds.

Tasks You Can Perform

You can perform the following tasks from the Sky ATP page:

You can perform the following tasks from the JATP page:

You can perform the following tasks from the Custom Feeds page:

Field Descriptions

Table 1 provides guidelines on using the fields on the Feed Sources page.

Table 1: Fields on the Feed Sources Page

Field

Description

Sky ATP

Realm

Name of the Sky ATP realm.

Sites

Name of the site associated to the realm.

Devices

Name of the perimeter firewall devices that are enrolled to Sky ATP.

Location

Region of the Sky ATP realm.

Enrollment Status

Enrollment status of the realm.

Token Expiry

Expiry date and time of a token generated at the Sky ATP side when a realm is registered. The token will be valid for one year. Once the token expires, the status is flipped to Expired.

Thirty days prior to the expiry date, renew option is enabled to renew the token. Click Renew to renew the token. Enter the realm credentials in the renew window and if the realm credentials are valid, a new token is generated and assigned to the realm. The old and the expired token is deleted.

Note: The username (e-mail address) that you provide as realm credentials must exactly match with the username that is used while creating a realm in Juniper Sky ATP. To view the username in the Juniper Sky ATP user interface, go to Administration>Users.

The e-mail address used as a username is case sensitive. If there is a mismatch in the username, the validation of realm credentials fails and the token will not be renewed.

Feed Status

The consolidated status of all the feeds of a selected Sky ATP realm is shown here.

If the status of any one of the feeds is FAILED, then the consolidated status is shown as FAILED. Hover over the field to see the individual status of each feed. The status of IPv6 feeds are also listed along with other feed sources.

Last Downloaded

The date and time of the last time Policy Enforcer has requested the feeds from Sky ATP is shown here. Hover over the field to view a detailed list of date and time of each feed download.

JATP

Zone Name

Name of the Juniper ATP zone.

Sites

Name of the site associated to the zone.

Feed Status

The consolidated status of all the feeds of a selected Juniper ATP zone is shown here. Hover over the field to see the individual status of each feed. The status of IPv6 feeds are also listed along with other feed sources.

If the status of any one of the feeds is FAILED, then the consolidated status is shown as FAILED.

Last Downloaded

The date and time of the last time Policy Enforcer has requested the feeds from Juniper ATP is shown here. Hover over the field to view a detailed list of date and time of each feed download.

Devices

Name of the perimeter firewall devices that are enrolled to Juniper ATP.

Enrollment Status

Enrollment status of the zone.

Server IP Address

The IP address of the configured Juniper ATP appliance.

Custom Feeds

Name

Name of the custom feed.

Feed Type

Type of the custom feed. For example, dynamic address, allowlist, blocklist, infected hosts, or DDoS.

Last Updated

Date and time when the selected custom feed was last updated.

Days to Become Inactive

Number of days within which the custom feed is going to expire or become inactive.

Remote Download Status

View the status of downloading feeds from a remote file server to Policy Enforcer. This field is blank for the locally created custom feeds.

The following statuses are shown under different scenarios:

  • Pending—Status is shown as pending until Policy Enforcer downloads the new feeds from the remote file server.

  • Success—Status is shown as success when Policy Enforcer downloads the feeds successfully.

  • Failed—Status is shown as failed when downloading the feeds fails.

Description

View the description of your custom feed.

In the Custom Feeds page, you can search for any particular custom feed by its name and type of the custom feed. Click the filter icon and the following fields can be searchable:

  • Name—Enter the name of the custom feed to be searched.

  • Feed Type—Select the feed type from the list.