About the Feed Sources Page
To access this page, click Configure > Threat Prevention > Feed Sources.
Policy Enforcer uses threat feeds to provide actionable intelligence to policies about various types of threats. These feeds can come from different sources, such as Sky ATP, Juniper ATP, and from lists that you can customize by adding IP addresses, domains, and URLs.
You can add allowlist and blocklist in Sky ATP and as well as in Custom feeds. When you add a allowlist or blocklist in Custom feeds, a warning message shows that it will erase the existing allowlist or a blocklist in Sky ATP, if any. You can only have one source for allowlist, blocklist, and infected host feeds.
Tasks You Can Perform
You can perform the following tasks from the Sky ATP page:
Add a Sky ATP realm. See Creating Sky ATP Realms and Enrolling Devices or Associating Sites.
Inspect and manage email attachments sent over SMTP. See Sky ATP Email Management: SMTP Settings.
Configure email management for IMAP. See Configure IMAP Settings.
Configure Allowlist and Blocklist. See Creating Allowlist for Sky ATP Email and Malware Management and Creating Blocklists for Sky ATP Email and Malware Management.
Configure file inspection profiles. See Creating File Inspection Profiles.
Edit the Sky ATP realm. See Modifying Sky ATP Realm.
Delete the Sky ATP realm.
You can perform the following tasks from the JATP page:
Add JATP server. See Add JATP Server.
Edit the JATP server configuration. See Edit or Delete a JATP Server
Delete the JATP server.
You can perform the following tasks from the Custom Feeds page:
Create custom feeds for the dynamic address, allowlist, blocklist, infected hosts, and DDoS feed types. See Creating Custom Feeds.
Configure settings. See Configuring Settings for Custom Feeds.
Edit the custom feed.
Delete the custom feed.
Table 1 provides guidelines on using the fields on the Feed Sources page.
Table 1: Fields on the Feed Sources Page
Name of the Sky ATP realm.
Name of the site associated to the realm.
Name of the perimeter firewall devices that are enrolled to Sky ATP.
Region of the Sky ATP realm.
Enrollment status of the realm.
Expiry date and time of a token generated at the Sky ATP side when a realm is registered. The token will be valid for one year. Once the token expires, the status is flipped to Expired.
Thirty days prior to the expiry date, renew option is enabled to renew the token. Click Renew to renew the token. Enter the realm credentials in the renew window and if the realm credentials are valid, a new token is generated and assigned to the realm. The old and the expired token is deleted.
Note: The username (e-mail address) that you provide as realm credentials must exactly match with the username that is used while creating a realm in Juniper Sky ATP. To view the username in the Juniper Sky ATP user interface, go to Administration>Users.
The e-mail address used as a username is case sensitive. If there is a mismatch in the username, the validation of realm credentials fails and the token will not be renewed.
The consolidated status of all the feeds of a selected Sky ATP realm is shown here.
If the status of any one of the feeds is FAILED, then the consolidated status is shown as FAILED. Hover over the field to see the individual status of each feed. The status of IPv6 feeds are also listed along with other feed sources.
The date and time of the last time Policy Enforcer has requested the feeds from Sky ATP is shown here. Hover over the field to view a detailed list of date and time of each feed download.
Name of the Juniper ATP zone.
Name of the site associated to the zone.
The consolidated status of all the feeds of a selected Juniper ATP zone is shown here. Hover over the field to see the individual status of each feed. The status of IPv6 feeds are also listed along with other feed sources.
If the status of any one of the feeds is FAILED, then the consolidated status is shown as FAILED.
The date and time of the last time Policy Enforcer has requested the feeds from Juniper ATP is shown here. Hover over the field to view a detailed list of date and time of each feed download.
Name of the perimeter firewall devices that are enrolled to Juniper ATP.
Enrollment status of the zone.
Server IP Address
The IP address of the configured Juniper ATP appliance.
Name of the custom feed.
Type of the custom feed. For example, dynamic address, allowlist, blocklist, infected hosts, or DDoS.
Date and time when the selected custom feed was last updated.
Days to Become Inactive
Number of days within which the custom feed is going to expire or become inactive.
Remote Download Status
View the status of downloading feeds from a remote file server to Policy Enforcer. This field is blank for the locally created custom feeds.
The following statuses are shown under different scenarios:
View the description of your custom feed.
In the Custom Feeds page, you can search for any particular custom feed by its name and type of the custom feed. Click the filter icon and the following fields can be searchable:
Name—Enter the name of the custom feed to be searched.
Feed Type—Select the feed type from the list.