About the Feed Sources Page
To access this page, click Configure > Threat Prevention > Feed Sources.
Policy Enforcer uses threat feeds to provide actionable intelligence to policies about various types of threats. These feeds can come from different sources, such as Juniper ATP Cloud, Juniper ATP, and from lists that you can customize by adding IP addresses, domains, and URLs.
You can add allowlist and blocklist in Juniper ATP Cloud and as well as in Custom feeds. When you add an allowlist or blocklist in Custom feeds, a warning message shows that it will erase the existing allowlist or a blocklist in Juniper ATP Cloud, if any. You can only have one source for allowlist, blocklist, and infected host feeds.
Tasks You Can Perform
You can perform the following tasks from the Juniper ATP Cloud page:
Add ATP Cloud realm. See Creating Juniper ATP Cloud Realms and Enrolling Devices or Associating Sites.
Inspect and manage email attachments sent over SMTP. See Juniper ATP Cloud Email Management: SMTP Settings.
Configure email management for IMAP. See Configure IMAP Settings.
Configure Allowlist and Blocklist. See Creating Allowlist for Juniper ATP Cloud Email and Malware Management and Creating Blocklists for Juniper ATP Cloud Email and Malware Management.
Configure file inspection profiles. See Creating File Inspection Profiles.
Edit the ATP Cloud realm. See Modifying Juniper ATP Cloud Realm.
Delete the ATP Cloud realm.
You can perform the following tasks from the JATP page:
Add JATP server. See Add JATP Server.
Edit the JATP server configuration. See Edit or Delete a JATP Server
Delete the JATP server.
You can perform the following tasks from the Custom Feeds page:
Create custom feeds for the dynamic address, allowlist, blocklist, infected hosts, DDoS, and C&C Server feed types. See Creating Custom Feeds.
Configure settings. See Configuring Settings for Custom Feeds.
Edit the custom feed.
Delete the custom feed.
Field Descriptions
Table 1 provides guidelines on using the fields on the Feed Sources page.
Table 1: Fields on the Feed Sources Page
Field | Description |
|---|---|
| ATP Cloud | |
Realm | Name of the Juniper ATP Cloud realm. |
Sites | Name of the site associated to the realm. |
Devices | Name of the perimeter firewall devices that are enrolled to Juniper ATP Cloud. |
Location | Region of the Juniper ATP Cloud realm. |
Enrollment Status | Enrollment status of the realm. |
Token Expiry | Expiry date and time of a token generated at the Juniper ATP Cloud side when a realm is registered. The token will be valid for one year. Once the token expires, the status is flipped to Expired. Thirty days prior to the expiry date, renew option is enabled to renew the token. Click Renew to renew the token. Enter the realm credentials in the renew window and if the realm credentials are valid, a new token is generated and assigned to the realm. The old and the expired token is deleted. Note: The username (e-mail address) that you provide as realm credentials must exactly match with the username that is used while creating a realm in Juniper ATP Cloud. To view the username in the Juniper ATP Cloud user interface, go to Administration>Users. The e-mail address used as a username is case sensitive. If there is a mismatch in the username, the validation of realm credentials fails and the token will not be renewed. |
Feed Status | The consolidated status of all the feeds of a selected Juniper ATP Cloud realm is shown here. If the status of any one of the feeds is FAILED, then the consolidated status is shown as FAILED. Hover over the field to see the individual status of each feed. The status of IPv6 feeds are also listed along with other feed sources. |
Last Downloaded | The date and time of the last time Policy Enforcer has requested the feeds from Juniper ATP Cloud is shown here. Hover over the field to view a detailed list of date and time of each feed download. |
| JATP | |
Zone Name | Name of the Juniper ATP zone. |
Sites | Name of the site associated to the zone. |
Feed Status | The consolidated status of all the feeds of a selected Juniper ATP zone is shown here. Hover over the field to see the individual status of each feed. The status of IPv6 feeds are also listed along with other feed sources. If the status of any one of the feeds is FAILED, then the consolidated status is shown as FAILED. |
Last Downloaded | The date and time of the last time Policy Enforcer has requested the feeds from Juniper ATP is shown here. Hover over the field to view a detailed list of date and time of each feed download. |
Devices | Name of the perimeter firewall devices that are enrolled to Juniper ATP. |
Enrollment Status | Enrollment status of the zone. |
Server IP Address | The IP address of the configured Juniper ATP appliance. |
| Custom Feeds | |
Name | Name of the custom feed. |
Feed Type | Type of the custom feed. For example, dynamic address, allowlist, blocklist, infected hosts, DDoS, or C&C Server. |
Last Updated | Date and time when the selected custom feed was last updated. |
Days to Become Inactive | Number of days within which the custom feed is going to expire or become inactive. |
Remote Download Status | View the status of downloading feeds from a remote file server to Policy Enforcer. This field is blank for the locally created custom feeds. The following statuses are shown under different scenarios:
|
Description | View the description of your custom feed. |
In the Custom Feeds page, you can search for any particular custom feed by its name and type of the custom feed. Click the filter icon and the following fields can be searchable:
Name—Enter the name of the custom feed to be searched.
Feed Type—Select the feed type from the list.