Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

All-in-One CLI Commands

 

This chapter describes the administration commands for a Juniper ATP Appliance All-in-One server appliance, software appliance or virtual appliance.

These commands are used to configure the Juniper ATP Appliance All-in-One appliance, manage configurations, and set system-level settings for interfaces, network services, and SIEM integration.

Note

You must enclose non-alphabet characters in double quotes in CLI commands.

Basic Mode Commands

Use general system commands to configure the appliance, view appliance history, enter other CLI modes, obtain help with CLI syntax, and to exit the CLI session.

The general commands are:

Refer to the sections in this guide to review CM Mode, Collector Mode, Core Mode, Diagnosis Mode, Server Mode and Wizard mode commands per device-- All-in-One, CoreCM, Traffic Collector and Mac OS X Detection Engine on a Mac Mini.

CM Commands

Core Mode Commands

Server Mode Commands

Collector Mode Commands

Diagnosis Mode Commands

All-in-One CLI Commands

capture-start

Table 1: capture-start

Description

Starts packet capture as a means for diagnosing and debugging network traffic and obtaining stats.

See Also:diagnosis [mode]; collector[mode];copy

Product(s) CLI

All-in-One | Collector

Mode(s)

Diagnosis

Syntax

capture-start

Parameters

<interface_name><IP address>

Sub-Commands

None

Example

The following example starts a packet capture process on interface eth1 for a Traffic Collector with IP address 8.8.8.8:

hostname # diagnosis

hostname (diagnosis)# capture-start eth1 8.8.8.8

Note: Note: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.

cm

Table 2: cm

Description

Enters cm (Central Manager) mode.

See Also: basic [mode];

Product(s) CLI

All-in-One | Core

Mode(s)

Basic

Syntax

cm

Parameters

None

Sub-Commands

exit | help | history | upgrade

Example

The following command example enters cm configuration mode:

hostname # cm

hostname (cm)#

collector

Table 3: collector

Description

Enters the Collector configuration mode.

See Also: server[mode]

Product(s) CLI

All-in-One | Collector

Mode(s)

Basic

Syntax

collector

Parameters

None

Sub-Commands

exit;help;history;set (server mode);show (collector mode)

Example

The following example enters collector configuration mode:

hostname # collector

hostname (collector)# ?

copy

Table 4: copy

Description

Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote location, providing the same authentication and level of security as an SSH transfer.

The copy traceback command, upon Customer Support's request, copies the traceback files out of the box to a remote location.

See Also: diagnosis[mode]; capture-start

Product(s) CLI

All-in-One | Collector | Core-CM | Mac OSX Engine

Mode(s)

Diagnosis

Syntax

copy capture <scp source_file_name username@destination_host:destination_folder> | traceback {<tab> | ALL} <string URI as user@hostname:path

Parameters

copy capture <scp remote filename_location>

copy traceback <ALL | filename>

copy traceback <tab> [tab displays all available crash filenames]

Sub-Commands

None

Example

The following example copies the file "Eth1.txt" from the local host to a remote host:

hostname (diagnosis)# copy capture Eth1.txt

admin@remotehost.edu:/some/remote/directory

core

Table 5: core

Description

Enters core mode.

See Also: basic [mode];

Product(s) CLI

All-in-One | Collector | Core | Mac OS X Detection Engine

Mode(s)

Basic

Syntax

core

Parameters

None

Sub-Commands

exit, help, history, show, updateimage

Example

The following command example enters core configuration mode:

hostname # core

hostname (core)#

diagnosis

Table 6: diagnosis

Description

Enters the Diagnosis configuration and status check mode.

See Also: collector [mode], server [mode]

Product(s) CLI

All-in-One | Collector | Mac OS X Detection Engine

Mode(s)

Basic

Syntax

diagnosis

Parameters

None

Sub-Commands

capture-start;copy;exit;gssreport;help;history;set (server mode);setupcheck;show (diagnosis mode);shutdown

Example

The following example enters diagnosis configuration and status check mode:

hostname # diagnosis

hostname (diagnosis)# ?

exit

Table 7: exit

Description

Ends the CLI session.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Core | Collector | Diagnosis | Server

Syntax

exit

Parameters

None

Example

The following example ends a command mode or CLI session.

JATP# (diagnosis) exit

JATP#

JATP (core) exit

JATP# exit

gssreport

Table 8: gssreport

Description

Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report.

See Also:gssreport ; diagnosis[mode]

Product(s) CLI

All-in-One | Collector | Mac OS X Detection Engine

Mode(s)

diagnosis

Syntax

gssreport status | submit

Parameters

status - displays the status of the current GSS report.

submit - submits a report to Juniper ATP Appliance GSS.

Sub-Commands

None

Example

The following examples display the status of a GSS report submission:

	hostname # diagnosis				
hostname (diagnosis)# gssreport submit
Successfully started GSS report
hostname (diagnosis)# gssreport status
GSS is currently enabled
Last 5-minute GSS report at 2015-07-28 10:34:24.414322:
successfully submitted
Last hourly GSS report at 2015-07-28 10:34:24.468259:
successfully submitted
Last daily GSS report at 2015-07-28 10:34:28.225512:
successfully submitted

help

Table 9: help

Description

Displays information about the CLI help system.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Core | Collector | Diagnosis | Server

Syntax

help

Parameters

None

Example

The following example shows some of the output of the help command.

CONTEXT SENSITIVE HELP
[?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command.
If there is a syntax error then offending part of the command line will be highlighted and explained.
[tab] - Auto-completes
[space] - Auto-completes, or if the command is already resolved inserts a space.
If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it.
Use ? to learn command parameters and option:
JATP (server)# show f?
firewall Show the firewall configuration settings
interface
JATP (server)# show firewall?
all Show the current iptables settings
whitelist Show the iptables whitelist settings
show firewall whitelist?
<cr>
show firewall whitelist

history

Table 10: history

Description

Displays the current CLI session command line history.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Core | Collector | Diagnosis | Server

Syntax

history

Parameters

None

Example

The following examples returns command line history for the current CLI session.

JATP# (core) history

ifrestart

Table 11: ifrestart

Description

Restarts the interface driver and services using the interface.

Product(s) CLI

All-in-One | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

ifrestart eth0 | eth1

Parameters

eth0

Restarts the management network administra interface.

eth1

Restarts the monitoring network interface.

Example

The following example restarts the eth0 interface for the management network.

<FireEye_name># ifrestart eth0

ping

Table 12: ping

Description

Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

ping [-c count] [-h hops] [string]

Parameters

-ccount

Number of echo requests to send. By default, pings ar continuously until you press Ctrl+C.

-hhops

Number of next hops between pings (default is 1).

string

IP address, hostname or interface name used to ping device address

Example

The following example sends three echo requests to the device with the IP Address 10.10.10.1

<FireEye_name># ping -c 3 10.10.10.1

PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_req=1 ttl=64 time=0.314 ms
64 bytes from 10.10.10.1: icmp_req=2 ttl=64 time=0.277 ms
64 bytes from v: icmp_req=3 ttl=64 time=0.274 m
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022 ms

reboot

Table 13: reboot

Description

Reboots the Juniper ATP Appliance.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

reboot

Parameters

None

Example

The following example reboots the system.

hostname# reboot

restart

Table 14: restart

Description

Restarts Juniper ATP Appliance services.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]

Parameters

all

Restarts all Juniper ATP Appliance services.

behaviorengine

Restarts the Behavioral Analysis Engine

cm

Restarts the Central Manager Web UI service.

collector

Restarts the Collector service.

core

Restarts the Core Detection Engine.

correlationengine

Restarts the Correlation Engine.

database

Restarts the Database.

ntpserver

Restarts the NTP server.

sshserver

Restarts the SSH server.

staticengine

Restarts the Static Analysis Engine.

webserver

Restarts the web server.

Example

The following example restarts the Central manager service.

JATP# restart cm

restore

Table 15: restore

Description

Restores the system configuration to the factory default settings. This will only reset the password to default temporarily.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

server

Syntax

restore [support | firewall {backup | default} | hostname | network]

Whitelist rules rely on normal service shutdown to be backed up.Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.

Parameters

Note: vCore for AWS does not use the following CLI commands: restore hostname restore network

support

Restores the default support password setting remote login (set during initial installation per l See also (server)# set (server mode)

firewall {backup | default}

Restores the firewall settings from either the pr backup, or from the default factory settings.

hostname

Restores the system’s hostname to the factory hostname.

network

Restores the IP address and DNS settings to th factory default settings.

 

Warning: This command option removes the current IP address and DNS settings, and reloads the default values for these settings.

Example

The following example restores the system.

JATP# restore

This next example restores the SSH login “support” password to the default

JATP # restore support password

Restore the default support password? (Yes/No)? yes

support password was restored successfully!

server

Table 16: server

Description

Enters the server configuration mode.

See Also: collector

Product(s) CLI

All-in-One | Collector | Core/CM | Mac Mini Mac OS X

Mode(s)

Basic

Syntax

server

Sub-Commands

exit; help; history; ifrestart; ping; reboot; restore; set (server mode); upgrade

Whitelist rules rely on normal service shutdown to be backed up.Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.

Example

The following example enters server configuration mode:

hostname # server
hostname (server) # ?

set honeypot (collector mode)

Table 17: set honeypot

Description

Enables and disables the SSH-Honeypot feature for a Traffic Collector.

A honeypot can be deployed within a customer network to detect network activity generated by malware attempting to infect or attack other machines in a local area network. These attempted SSH logins can be used to supplement detection of lateral spread.

There are two parameters that can be set for a honeypot:

  • Enable/disable a honeypot

  • Set a Static IP (IP, mask, and gateway) or DHCP of a publicly addressable interface

See Also: show honeypot command in show (collector mode)

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

(collector)# set honeypot ssh-honeypot enable dhcp
(collector)# set honeypot ssh-honeypot enable address (IP address) netmask (subnet IP) gateway (IP address)
(collector):# set honeypot ssh-honeypot disable

Example

The following example enables the SMB parser for lateral detections:

(collector)# set honeypot ssh-honeypot enable address 1.2.3.4 netmask 255.255.0.0 gateway 1.2.3.1

Note: The static IP configuration does not require configuring DNS. Honeypots do not require a DNS server at this time.

set traffic-monitoring (for JATP700 Appliances only) (collector mode)

Table 18: set traffic-monitoring

Description

Sets the traffic monitoring interface on the JATP700

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

# set traffic-monitoring-ifc 1gb_ifc

Set the traffic monitoring interface to be the 1G interface.

# set traffic-monitoring-ifc 10gb_ifc

Set the traffic monitoring interface to be the 10G interface.

Note: After making an interface type change, the system must be rebooted for the change to take effect.

set traffic-filter (collector mode)

Table 19: set traffic-filter

Description

Sets traffic filter rules to avoid analysis on a set of configured traffic, which cannot be made retroactive; for example: any analysis skipped as a result of the filtering cannot be reversed. This command can be applied to an entire network/subnet/ CIDR range.

See Also:set (server mode);show (diagnosis mode) [show traffic-filter]

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

set traffic-filter {add <rule_name> <domain> <sourceaddress> <destination-address> <source-port> <destination-port> <protocol> | remove <rule_name>}

Parameters

traffic-filter add

Adds a traffic filter rule where:

<RuleString>

“RuleString” is the name of the rule

<Dom ainString>

“DomainString” is the domain to filter out

<sourc eaddress>

“source-address” is the source IPv4 address or network (CIDR)

<destination-address>

“destination-address” is the destination IPv4 address or network (CIDR)

<source-port>

“source-port” is the source port number (0-65535)

<destinationport>

“destination-port” is the destination port number

<protocol>

(0-65535)“protocol” is the protocol type: either IP, TCP, UDP or HTTP

Example

The following example add a traffic filter rule to the Traffic Collector.

JATP-collector02(collector)# set traffic-rule add CustomRule2 headqrts.example.com 10.2.00/16 20.0.0.2 90 120 tcp

where destination-address is 20.0.0.2, destination-port is 120, protocol is tcp, source-address is 10.2.0.0/16 and source-port is 90 (in our example).

set protocols (collector mode)

Table 20: set protocols

Description

Enables and disables the HTTP or SMB parser for a Traffic Collector.

See Also: show protocols command in show (collector mode)

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

(collector)# set protocols {http [on|off] | smb [on|off]}

Example

The following example enables the SMB parser for lateral detections:

hostname (collector) set protocols smb on

set proxy (collector mode)

Table 21: set proxy

Description

Sets an Inside or Outside data path proxy from collector mode.

Deploy Traffic Collectors in locations where the monitoring interface is (1) placed “outside” between the proxy and the egress network for customer environments in which the proxy supports XFF (X-Forwarded-For), or (2) [the more typical deployment scenario], the Collector is placed between the proxy and the internal network using FQDN (if available) to identify the threat source for all types of incidents (“inside” proxy). When configured, the Juniper ATP Appliance Traffic Collector will monitor all traffic and correctly identify source and destination hosts for each link in the kill chain wherever the data allows for it.

Note that if the “X-Forwarded-For” header is provided in the HTTP request, detection will identify threat targets when deployed outside of the proxy (customers can choose to disable the XFF feature in the proxy setting, if desired).

See Also: set (server mode)[“set proxy” command for management network]; set (diagnosis mode);

Note: The mitigation IP address of a CNC server is not be available for Inside proxy deployments. When a Juniper ATP Appliance is deployed behind a proxy, the Mitigation-> Firewall page in the Juniper ATP Appliance Central Manager Web UI (which typically displays the CNC server IP address to mitigate) will be empty. The destination IP address of any callback is made to the proxy server ip address, so it is not relevant to display the proxy server IP address on the Mitigation->Firewall page.

Product(s) CLI

All-in-One | Collector

Mode(s)

collector

Syntax

set proxy inside {add <proxy IP address> <proxy port> | remove <proxy IP address> <proxy port>

set proxy outside {add <proxy IP address> | remove <proxy IP address>

Parameters

inside

Sets the inside proxy IP addresses

outside

outside Sets the outside proxy IP addresses

add Adds

a proxy configuration.

remove

Removes a proxy configuration.

Example

The following example sets an inside data path proxy:

JATP (collector)# set proxy inside add 10.1.1.1 8080

The following example sets an outside data path proxy:

JATP (collector)# set proxy outside add 10.2.1.1

set (diagnosis mode)

Table 22: set

Description

Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.

See Also:set (server mode); set (collector mode)

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

set logging

Parameters

all

Sets logging for all Juniper ATP Appliance components.

default

Sets logging to the default parameters

debug

Sets logging at the debug level.

info

Sets logging at the info level.

warning

Sets logging at the warning level.

error

Sets logging at the error level.

critical

Sets logging at the critical level.

Example

The following example sets the default logging level for all Juniper ATP Appliance components.

JATP# set logging all

set appliance-type (server mode)

Table 23: set appliance-type

Description

Change the appliance type at any time. For example, change from All-In-One to Core/CM. Note that if you change the appliance type after the initial installation, all data files related to the current type are lost and you must set up the appliance as you would a fresh box.

Product(s) CLI

All-in-One | Core CM | Collector

Mode(s)

server

Syntax

jatp:AIO#(server)# set appliance-type core-cm

Parameters

all-in-one

core-cm

email-collector

traffic-collector

Example

The following example changes the form factor of the appliance from all-in-one (the default) to core-cm:

jatp:AIO#(server)# set appliance-type core-cm
This will result in the deletion of all data and configurations not relevant to the new form factor.
Proceed? (Yes/No)? Yes

set ip interface (server mode)

Table 24: set ip interface

Description

Sets the management interface (eth0) and/or the alternate-exhaust interface (eth2) for the Juniper ATP Appliance.

Refer to the Operator’s Guide for information about configuring the optional alternate analysis engine eth2 interface option (it moves CnC traffic during analysis engine processing off the enterprise’s eth0 management network).

See Also:set (server mode);set protocols (collector mode);show (core mode);shutdown

Product(s) CLI

All-in-One | Core CM | Mac Mini OS X Detection Engine

Mode(s)

server

Syntax

(server) # set ip interface management <dhcp | address | netmask | gateway>
(server) # set ip interface alternate-exhaust <address | netmask | gateway>

Parameters

dhcp

Enables DHCP for the management or alternate-exhaust interface.

address

Sets the static IP address for the management (eth0) or lternate-exhaust (eth2) interface,

netmask

Sets the netmask for the management network or the alternate-exhaust network.

gateway

Sets the Gateway IP address for the management interfac or the optiona alternate-exhaust network.

Example

The following example configures the management interface (eth0) for a Juniper ATP Appliance Core device:

JATP (server)# set ip interface management address
10.2.123.18 netmask 255.255.255.0 gateway 10.2.0.1

The following example configures the management interface (eth0) using DHCP:

JATP (server)# set ip interface management dhcp

This example configures the alternate-exhaust interface (eth2) for a Juniper ATP Appliance Core device:

JATP (server)# set ip interface alternate-exhaust address 10.2.123.12 netmask 255.255.255.0 gateway 10.2.0.2

set (server mode)

Table 25: set

Description

Configure the system settings.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server, See Also:set (diagnosis mode);set traffic-filter (collector mode)

Syntax

set [autoupdate {on | off} | cli timeout secs | clock | cm address | support {enable | disable} localmode {enable | disable}| passphrase string | dns | firewall {all <backup | flush> | whitelist} | hostname string | ip interface {management | alternate-exhaust}| ntpserver | password | proxy {config | enabled | remove} | timezone string | uipassword]

Parameters

(Columns below)

Note: vCore for AWS does not use the following CLI commands:

set ip

set hostname

[Users cannot set static IP address or change the hostname directly on an EC2 AWS instance]

server mode “set proxy” command is a management network proxy tool; for data path Collector proxy configurations, refer to

set proxy (collector mode)

autoupdate {content | software} {on | off}
cli timeout secs
clock
cm address
set support {enable | disable} | {localmode}
dns
firewall {all <backup | flush> | whitelist <add | delete | flush>}
hostname string
ip interface {management | alternateexhaust} <dhcp | address | netmask | gateway}

Turn on or off automatic product updates. set autoupdate content on

Sets CLI timeout period in seconds (0 indicates no timeout).

Sets the current date and time.

Sets the IP address of the Central Manager and netmask using the slash notation; example: AAA.BBB.CCC.DD/X

Enables remote SSH login “support” account or localmode enable|/disable.

Sets DNS (or enables DHCP for DNS) for the management interface by default if interface is unspecified.

Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or flushes the current iptables whitelist-specific settings for the firewall.

The “add” option adds an IP address to the iptables outbound whitelist.

# set firewall whitelist add 10.1.1.1

Sets the system’s host name.

Sets the IP address, netmask, or default gateway, or enables DHCP for the management or alternate-exhaust interface.

ntpserver
passphrase string
password

Sets the Network Time Protocol (NTP) server.

Sets the device key password; enter a string.

Sets a new password for the CLI administrator.

proxy {config <all|http> | enabled <on|off> | remove <all|http>}

Config, enable/disable, or remove “all” proxy configs, or remove an HTTP-specific proxy server.

Tip: Tip: Config the proxy for “all” protocols first, and then change HTTP proxy as needed.

timezone string

Sets the timezone for the device.

uipassword

Sets a new admin password for CM Web UI access.

Example

The following example disables the CLI timeout counter.

JATP (server)# set cli timeout 0

The following example enables support:

JATP (server)# set support enable

set system-alert (server mode)

Table 26: set system-alert

Description

Configure the traffic threshold and checking interval for the Collector “monitored traffic” health status.

When the monitored traffic of a collector within the checking interval time is lower than the threshold, a system health alert is generated. You can send an email notification of the alert if email notifications of system health events are configured.

Product(s) CLI

All-in-One | Core CM

Mode(s)

Server, See Also:set (diagnosis mode);set traffic-filter (collector mode); show

Syntax

set system-alert traffic <integer> time <interval>

Note: Note that both "traffic" and "time" parameters are required in order to set the threshold for both the minimum traffic and time.

Parameters

traffic

- the minimum traffic (in KB)

interval

- the checking interval (in minutes)

Example

JATP (server) # set system-alert traffic 100 time 30

This example sets the system alert such that, if the total monitored traffic of a collector within the last 30 minutes dips lower than 100KB, then a system health alert will be generated (and users will receive an email notification of the alert if email notifications are configured for system health events).

By default this alert is disabled, and users must set the minimum traffic and interval in order to enable it. Also note that all bytes seen on Ethernet frames are counted in the traffic.

The minimum interval for the "set system-alert traffic" time interval command is 10 minutes. If the minimum interval is set to less than 10 minutes, no alerts will be triggered.

setupcheck

Table 27: setupcheck

Description

Checks and reports on basic configuration settings and analysis pipeline setup.

Product(s) CLI

All-in-One | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

setupcheck {all | report | basic | analysis}

Parameters

all

Checks both basic settings and analysis pipelin

report

Shows report of last setupcheck.

basic

Checks basic configuration settings.

analysis

Checks the analysis pipeline.

Example

The following example checks all basic configuration settings as well as the analysis pipeline:

JATP (diagnosis) # setupcheck all

show (collector mode)

Table 28: show (collector mode)

Description

Displays the Traffic Collector HOMENET settings and all configured subnets, as well as current traffic filters and the current XFF status (enabled or disabled)

Product(s) CLI

All-in-One | Collector

Mode(s)

Collector

Subcommands

homenet | traffic-filter | proxy | honeypot

Syntax

show

Parameters

traffic-filter

Shows all traffic filter rules.

protocols

Shows current HTTP or SMB protocol parser settings

proxy {inside|outside}

Shows Traffic Collector proxy for inside or outside configurations.

honeypot

Shows the current honeypot configuration.

Example

The following example displays the current Collector proxy inside settings:

collector02(collector)# show proxy inside
Proxy IPs: 10.1.1.1

The following example displays the current traffic filter:

collector02 (collector)# show traffic-filter
Name: CustomRule2, Domain: headqtrs.example.com

The following example displays the current SMB protocol parser setting:

collector02 (collector)# show protocols

The following example displays the current honeypot configuration:

collector02 (collector)# show honeypot ssh-honeypot

show (collector mode)

Table 29: show (collector mode)

Description

Display the currently selected traffic monitoring interface.

Product(s) CLI

All-in-One | Collector

Mode(s)

Collector

Syntax

collector02 (collector)#ow traffic-monitoring-ifc-type

Display the currently selected traffic monitoring interface

show (core mode)

Description

Displays the guest image(s) status or whitelist statistics.

See Also:shutdown; show (diagnostic mode)

Product(s) CLI

See Also: shutdown; show (diagnostic mode)

Mode(s)

Core

Syntax

show

Parameters

images

Displays guest image update and status information.

whitelist

Displays the name, hit count and the time of last hit of a user configured whitelist.

Note that when a whitelist rule is deleted, it will be removed from the list. Updates to existing rule are not affected by the presence of the rule in the output, but hit count could increment. Further, more than one rule can be hit by a single incident.

alternate-exhaustinterface

Displays the status of the alternate exhaust interface eth2.

Example

The following example demonstrates the show images command usage:

JATP(core)# show images

The following example demonstrates the show whitelist command usage:

JATP(core)# show whitelist
JATP(core)# show whitelist

Rule Name

Hit Count

Local Time of Last Hit

URI1

10

Wed Sep 2 18:16:55 2015

URI2

10

Wed Sep 2 18:16:55 2015

URI3

10

Wed Sep 2 18:16:55 2015

greatfilesarey

49

Wed Sep 2 18:20:00 2015

The following example shows how to get the alternate-exhaust interface (eth2) status:

JATP(core)# show alternate-exhaust interface

show (diagnosis mode)

Table 30: show (diagnosis mode)

Description

Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.

See Also:shutdown;show (core mode)

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

show

Parameters

device {collectorstatus | | corestatus | slavecorestatus}

Display connected device statistics for Traffic Collector, CoreCM, or Mac Mini Detection Engine Secondary “slave core.”

protocol {web | email}

Displays the session counts for network web or email protocols.

objects

Displays the current number of file objects.

logging

Displays the currently-configured logging level.

See Also: set traffic-filter (collector mode)

log error traceback

Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process error logs. A traceback is a stack of functions that were executing when an error condition was encountered.

log error last <integer: number of lines to display>

Displays n [1-1000] lines of the contents of the common log file.

 

Example: show log error last 12

Example

The following example displays the connected Traffic Collector status.

JATP(diagnosis)# show device collectorstatus
<cr>
JATP (diagnosis)# show device collectorstatus WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2015-07-25 15:13:17.967000-07:00
Install Date : 2015-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2015-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00

This example displays the log error traceback

JATP(diagnosis)# show log error traceback
<cr>

shutdown

Table 31: shutdown

Description

Shuts down the Juniper ATP Appliance server.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

shutdown

Parameters

None

Example

The following example performs a shutdown of the current device.

JATP# shutdown

traceroute

Table 32: traceroute

Description

Displays the route packets trace to a host name or an IP address.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server | Collector

Syntax

traceroute

Parameters

-h unsigned integer

Specifies the number of hops

string

Names the remote system to be traced.

Example

The following example performs a traceroute of the named device.

JATP# traceroute -h 2 MacMininOSX-Engine

upgrade

Table 33: upgrade

Description

Upgrade Juniper ATP Appliance software for the Core/CM device or vCore, and all connected physical or virtual devices.

Product(s) CLI

All-in-One | Core CM

Mode(s)

cm

Syntax

upgrade <URI as user@hostname:path>

Parameters

<String_URI>

Specifies the software packages to copy .from a remo location for upgrading via the Core.

Example

The following example copies Juniper ATP Appliance software to the Core from a remote location defined by the path provided.

CoreCM(cm)# upgrade admin@remoteHost.edu:some/remote/ directory

updateimage

Table 34: updateimage

Description

Update or correct the guest-image OS profile used by the detection and analysis behavioral engine.

The updateimage command will update the guest images from the Juniper ATP Appliance update servers or a USB drive attached to the Juniper ATP Appliance.

Product(s) CLI

All-in-One | Core-CM | Mac Mini OS X Detection Engine

Mode(s)

Core

Syntax

updateimage

Parameters

built-in

Updates the guest-image on the detection Engine.

Example

The following example performs a built-in profile update for the Core detection engine.

JATP (core)# updateimage built-in
Installing image SC-XP-20150617.img...
Previous version of SC-XP-20150617.img exists.
Checking integrity...
Image SC-XP-20150617.img is already installed
Installing image SC-W7-20150521.img...
Previous version of SC-W7-20150521.img exists.
Checking integrity...
Image SC-W7-20150521.img is already installed

wizard

Table 35: wizard

Description

Enters the Configuration Wizard. For Configuration Wizard commands and response, see “Configuration Wizard for the All-in-One Server” in the next section to follow command prompts and recommended responses.

Product(s) CLI

All-in-One | Core/CM | Collector | Mac Mini Mac OS X

Mode(s)

Basic

Syntax

wizard

Parameters

None

Example

The following command starts the configuration wizard.

hostname # wizard

Configuration Wizard for the All-in-One Server

Table 36: Configuration Wizard for All-in-One Server

Configuration Wizard Prompts

Customer Response Actions

Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?

Note: Only if your DHCP response is no ,enter the following information when prompted:

  1. IP address (no CIDR format)

  2. Netmask

  3. Enter a gateway IP address for this management (administrative) interface:

  4. Enter primary DNS server IP address.

  5. Do you have a secondary DNS Server (Yes/No).

  6. Do you want to enter the search domains?

  7. Enter the search domain (separate multiple search domains by space):

Restart the administrative interface (Yes/No)?

We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.

Recommended: Respond with no:

  1. Enter an IP address

  2. Enter a netmask using the form 255.255.255.0.

  3. Enter a gateway IP address.

  4. Enter the DNS server IP address

  5. If yes enter the IP address of the secondary DNS server.

  6. Enter yes if you want DNS lookups to use a specific domain.

  7. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com

Enter yes to restart with the new configuration settings applied.

Enter a valid hostname.

Type a hostname when prompted; do not include the domain; for example: JuniperATP1.

Note: Only alphanumeric characters and hyphens (in the middle of the hostname) are allowed.

[OPTIONAL]

If the system detects a Secondary Core with an eth2 port, then the alternate CnC exhaust option is displayed:

Use alternate-exhaust for the analysis engine exhaust traffic (Yes/No)?

Enter IP address for the alternate-exhaust (eth2) interface:

Enter netmask for the alternate-exhaust (eth2) interface: (example: 255.255.0.0)

Enter gateway IP Address for the alternateexhaust (eth2) interface: (example:10.6.0.1)

Enter primary DNS server IP Address for the alternate-exhaust (eth2) interface: (example: 8.8.8.8)

Do you have a secondary DNS server for the alternate-exhaust (eth2) interface?

Do you want to enter the search domains for the alternate-exhaust (eth2) interface?

Note: A complete network interface restart can take more than 60 seconds

Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information.

Enter yes to configure an alternate eth2 interface.

Enter the IP address for the eth2 interface.

Enter the eth2 netmask.

Enter the gateway IP address.

Enter the primary DNS server IP Address for the alternate-exhaust (eth2) interface.

Enter yes or no to confirm or deny an eth2 secondary DNS server.

Enter yes or no to indicate whether you want to enter search domain.

Regenerate the SSL self-signed certificate (Yes/No)?

Enter yes to create a new SSL certificate for the Juniper ATP Appliance Server Web UI.