You are here: Monitor > Logs > ATP.
Use the monitoring functionality to view the ATP page. Analyzing the Juniper ATP logs yields information such as malware name, action taken, infected host, source of an attack, and destination of an attack.
The ATP page is available on all the SRX Series devices except the SRX5000 line of devices.
Table 1 describes the fields on the ATP page.
Table 1: Fields on the ATP Page
Select the time from the list to view the activity that you are most interested in. Once the time is selected, all of the data presented in your view is refreshed automatically.
You can also use Customize to set a custom date and click Apply to view the specified ATP logs.
Click the refresh icon to get the latest ATP log information.
Show Hide Columns
This icon is represented by three vertical dots.
Enables you to show or hide a column in the grid.
Export to CSV
You can export the ATP log data to a comma-separated value (.csv) file.
Select the three vertical dots on the right side of the page and click Export to CSV. The CSV file is downloaded to your local machine. You can download a maximum of 100 ATP logs.
Use the filter text box present above the table grid. The search includes the logical operators as part of the filter string. In the filter text box, when you hover over the icon, it displays an example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid or not.
Click X to clear your search filters.
Click Save Filter to save filters after you specify the filtering criteria.
To save a filter:
Displays the saved filters list.
Hover over the saved filter name to view the query expression. You can delete the saved filter using the delete icon.
Displays the time when the ATP log was received.
Displays the ATP log type: Action, Malware event, SMTP action, and IMAP action.
Displays the source zone of the ATP log.
Displays the source IP address from where the ATP log occurred.
Displays the port number of the source.
Displays the username of the user who downloaded the possible malware.
Displays the destination zone of the ATP log.
Displays the destination IP address of the ATP log.
Displays the destination port of the ATP log.
Displays the application name from which the ATP logs are generated.
Displays the action taken from the event: log, permit, and log and permit.
Displays the session ID of the ATP log.
Displays the name of the policy that enforced this action.
Displays the number of times the C&C server has attempted to contact hosts on your network.
Displays the accessed URL name that triggered the event.
Displays the SHA-256 hash value of the downloaded file.
File Hash Lookup
Displays the hash of the file sent for matching against known malware.
Displays the name of the file, including the extension.
Displays the protocol that the C&C server used to attempt communication.
Displays the type of file. Examples: PDF, executable, document.
Displays the hostname of the device that downloaded the possible malware.
Displays a score or threat level for a file.
Displays the malware name or brief description.
Displays the email address.
Displays the email address.
Displays the internal unique identifier.