Starting in Junos OS Release 19.2R1, you can monitor the security intelligence events.
Use the monitoring functionality to view the Security Intelligence page.
To monitor security intelligence events, select Monitor > Events > Security Intelligence.
Using the time-range slider, you can quickly focus on the time and area of activity that you are most interested in. Once the time range is selected, all of the data presented in your view is refreshed automatically. You can also use the Custom button to set a custom time range.
You can select either the Grid View tab or the Chart View tab to view your data:
Grid View—View the comprehensive details of security intelligence events in a tabular format that includes sortable columns. You can group the events using the Group By option. For example, you can group the events based on source country. The table includes information such as the event name, source address, source country, destination country, and so on. Table 35 describes the fields on the Grid View page.
Chart View—View a brief summary of all the security intelligence events in your network. The top of the page has a swim lane graph of all the security intelligence events. You can use the widgets at the bottom of the page to view critical information such as the top compromised hosts and the top C&C servers. Table 36 describes the widgets on the Chart View page.
Table 35: Security Intelligence—Fields on the Grid View Page
| Field | Description |
|---|---|
| Timestamp | The time when the log was received. |
| Event Name | Event name of the log. |
| Source Country | Name of the source country from which the event originated. |
| Source Address | Source IP address from which the event originated. |
| Destination Country | Name of the destination country of the event. |
| Destination Address | Destination IP address of the event. |
| Destination Port | Destination port of the event. |
| Source Port | Source port of the event. |
| Description | Description of the log. |
| Source Zone Name | The name of the log's source zone. |
| Host Name | The name of the host (user) in contact with the command-and-control server. |
| Action | The action taken on the communication (permitted or blocked). |
| Interface Name | Name of the interface. |
| Domain | The network or subnetwork to which the device belongs. |
Table 36: Security Intelligence—Widgets on the Chart View Page
| Field | Description |
|---|---|
| Top Compromised Hosts | A list of the top compromised hosts based on their associated threat level and blocked status. |
| Top C&C Servers | A color-coded map displaying the location of command-and-control servers. Click a location on the map to view the number of detected sources. |
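The Grid View Group By option and the two Chart View widgets described above are all aggregations over the same event fields in Table 35. The following added example (not Juniper's code or an export format documented here) reproduces them offline over constructed sample events keyed by the Table 35 column names; the `threat_level` attribute is an assumed extra field standing in for the threat level the Top Compromised Hosts widget ranks by.

```python
from collections import defaultdict

# Constructed sample events keyed by the Table 35 column names (assumed keys,
# not a documented export). "threat_level" is an assumed extra attribute.
FIELDS = ("Timestamp", "Event Name", "Source Country", "Source Address",
          "Destination Country", "Destination Address", "Destination Port",
          "Host Name", "Action", "threat_level")
ROWS = [
    ("2024-05-01T10:00:00Z", "cc-hit", "United States", "192.0.2.10",
     "Germany", "203.0.113.7", 443, "ws-01", "blocked", 8),
    ("2024-05-01T10:01:00Z", "cc-hit", "United States", "192.0.2.11",
     "Germany", "203.0.113.7", 443, "ws-02", "permitted", 8),
    ("2024-05-01T10:02:00Z", "cc-hit", "Canada", "198.51.100.5",
     "Netherlands", "203.0.113.9", 8080, "ws-03", "blocked", 5),
    ("2024-05-01T10:03:00Z", "cc-hit", "United States", "192.0.2.10",
     "Netherlands", "203.0.113.9", 8080, "ws-01", "permitted", 6),
]
EVENTS = [dict(zip(FIELDS, row)) for row in ROWS]


def group_by(events, field):
    """Grid View 'Group By': bucket events by one column (e.g. Source Country)."""
    groups = defaultdict(list)
    for event in events:
        groups[event[field]].append(event)
    return dict(groups)


def top_compromised_hosts(events, n=3):
    """Top Compromised Hosts widget: rank each host by its highest threat
    level, then by whether that communication was blocked."""
    best = {}
    for event in events:
        host = event["Host Name"]
        score = (event["threat_level"], event["Action"] == "blocked")
        if host not in best or score > best[host]:
            best[host] = score
    return sorted(best.items(), key=lambda kv: kv[1], reverse=True)[:n]


def cc_sources_by_country(events):
    """Top C&C Servers map: number of distinct detected sources per
    destination (C&C server) country."""
    sources = defaultdict(set)
    for event in events:
        sources[event["Destination Country"]].add(event["Source Address"])
    return {country: len(addrs) for country, addrs in sources.items()}
```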