Monitor Threats Map (Live)

You are here: Monitor > Threats Map (Live).

Note: The Threats Map (Live) page is available on all SRX Series devices except the SRX5000 line of devices.

Use this page to visualize incoming and outgoing threats between geographic regions. You can view blocked and allowed threat events based on feeds from intrusion prevention systems (IPS), antivirus, antispam engines, Juniper Sky ATP, and screen options. You can also click a specific geographical location to view the event count and the top five inbound and outbound IP addresses.

Note: To view the data on the Threats Map (Live) page, ensure that:

  • Security logging is enabled. If not, go to Configure > Device Settings > Basic Settings > Security Logging and enable Logging.

  • Required firewall policy is configured on the device.

  • Required licenses are configured for IPS and antivirus.

  • Your device is enrolled with the Juniper Sky ATP server.

The threat data is displayed starting from 12:00 AM (midnight) up to the current time (in your time zone) on that day and is updated every 30 seconds. The current date and time are displayed at the top right and a legend is displayed at the bottom left of the page.

If a threat occurs when you are viewing the page, an animation shows the country from which the threat originated (source) and the country in which the threat occurred (destination).

Note: Threats with unknown geographical IP addresses and private IP addresses are displayed as UNKNOWN_COUNTRY.

Field Descriptions

Table 103 displays the fields of the Threats Map (Live) page.

Table 103: Fields on the Threats Map (Live) Page

Field

Description

Total Threats Blocked & Allowed

Displays the total number of threats blocked and allowed. Click the hyperlinked number to go to the All Events (Monitor > Events > All Events) page (filtered view of the Grid View tab), where you can view more information about the IPS, virus, spam, Juniper Sky ATP, and screen events.

Threats Blocked & Allowed

Displays the total number of threats blocked and allowed by the following categories:

  • IPS Threats

  • Virus

  • Spam

  • Screen

  • Juniper Sky ATP

Click the hyperlinked number for a category to go to the page for that category, where you can view more information about that category. For example, clicking the hyperlinked number for IPS threats takes you to the IPS (Monitor > Events > IPS) page (filtered view of the Grid View tab).

Top Destination Countries

Displays the top five destination countries and the number of threats per country. Click the hyperlink for a country to go to the All Events (Monitor > Events > All Events) page (filtered view of the Grid View tab), where you can view more information about the IPS, virus, spam, Juniper Sky ATP, and screen events for that country.

Top Source Countries

Displays the top five source countries and the number of threats per country. Click the hyperlink for a country to go to the All Events (Monitor > Events > All Events) page (filtered view of the Grid View tab), where you can view more information about the IPS, virus, spam, Juniper Sky ATP, and screen events for that country.

Threat Types

The Threats Map (Live) page displays blocked and allowed threat events based on feeds from IPS, antivirus, antispam engines, Juniper Sky ATP, and screen options. Table 104 describes different types of threats blocked and allowed.

Table 104: Types of Threats

Attack

Description

IPS threat events

Intrusion detection and prevention (IDP) attacks detected by the IDP module.

The information reported about the attack (displayed on the IPS (Monitor > Events > IPS) page) includes information about:

  • Specific event names

  • Specific event names with either source or destination country

Virus

Virus attacks detected by the antivirus engine.

The information reported about the attack (displayed on the Antivirus (Monitor > Events > Antivirus) page) includes information about:

  • Specific event names

  • Specific event names with either source or destination country

Spam

E-mail spam that is detected based on blacklisted spam e-mails.

The information reported about the attack (displayed on the Antispam (Monitor > Events > Antispam) page) includes information about:

  • Specific event names

  • Specific event names with source country

Juniper Sky ATP

Events that are detected based on Juniper Sky ATP policies.

The information reported about the attack (displayed on the ATP (Monitor > Events > ATP) page) includes information about:

  • Specific event names

  • Specific event names with either source or destination country

Screen

Events that are detected based on screen options.

The information reported about the attack (displayed on the Screen (Monitor > Events > Screen) page) includes information about:

  • Specific event names

  • Specific event names with either source or destination country

Tasks You Can Perform

You can perform the following tasks from this page:

Table 105: Country-Specific Threat Information

Field

Description

Displayed in Country-Name pop-up

(Number of threat events) Threat Events since 12:00 am

Displays the total number of threat events (inbound and outbound) since midnight for that country.

Click the hyperlinked number to go to the All Events (Monitor > Events > All Events) page, where you can view more information about the events.

Inbound (Number of threat events)

Displays the total number of inbound threats for the country and, for the top five inbound events, the IP address and the number of events for that IP address.

Click View All to view all the destination IP addresses with their threat event counts.

Outbound (Number of threat events)

Displays the total number of outbound threats for the country and, for the top five outbound events, the IP address and the number of events for that IP address.

Click View All to view all the source IP addresses with their threat event counts.

View Details—Displayed in Country-Name (Details) panel

(Number of threat events) Threat Events since 12:00 am

Displays the total number of threat events (inbound and outbound) since midnight for that country.

Click the hyperlinked number to go to the All Events (Monitor > Events > All Events) page, where you can view more information about the events.

Number of Inbound Events

Displays the total number of inbound threats for the country and the number of inbound threat events for each of the following categories:

  • IPS Threats

  • Virus

  • Spam

  • Screen

  • Juniper Sky ATP

Click the hyperlinked number for a category to go to the page for that category, where you can view more information about that category. For example, clicking the hyperlinked number for IPS threats takes you to the IPS (Monitor > Events > IPS) page.

Click Top 5 IP Addresses (Inbound) to view the IP address and the number of events for that IP address for the top five inbound events.

Click View All IP Addresses to view all the destination IP addresses and the number of events for each IP address.

Note: You can view or select View All IP Addresses only after you click Top 5 IP Addresses (Inbound).

Number of Outbound Events

Displays the total number of outbound threats for the country and the number of outbound threat events for each of the following categories:

  • IPS Threats

  • Virus

  • Spam

  • Screen

  • Juniper Sky ATP

Click the hyperlinked number for a category to go to the page for that category, where you can view more information about that category. For example, clicking the hyperlinked number for screens takes you to the Screen (Monitor > Events > Screen) page.

Click Top 5 IP Addresses (Outbound) to view the IP address and the number of events for that IP address for the top five outbound events.

Click View All IP Addresses to view all the source IP addresses and the number of events for each IP address.

Note: You can view or select View All IP Addresses only after you click Top 5 IP Addresses (Outbound).
