Help Center User GuideWhat's New
User Guide
What's New

Threat Sources Overview

Access this page from the Monitor menu.

The Threat Sources page lists information of servers that have attempted to contact and compromise hosts on your network. A threat source is a centralized computer that issues commands to botnets (compromised networks of computers) and receives reports back from them.


You can allowlist threat sources from the details page. See Threat Source Details.


  • C&C and Geo IP filtering feeds are only available with a Juniper ATP Cloud premium or basic license.

  • DNS feeds are available only with ATP Cloud premium license.

  • At this time, C&C URL feeds are not supported with SSL forward proxy.

The following information is available on this page.

Table 36: Threat Source Data Fields



External Server

The IP address or host name of the suspected threat source.

Blocked Via

Displays the custom feed name.

Highest Threat Level

The threat level of the threat source as determined by an analysis of actions and behaviors.


The number of times hosts on the network have attempted to contact the threat server.


The country where the threat source is located.

Last Seen

The date and time of the most recent threat source hit.


The action taken on the communication (permitted, sinkhole, or blocked).


Displays the DNS feed category. The available options are custom, global, and whitelist.

DNS Record Type

Displays the query type of the DNS request. The supported DNS query types are A, AAAA, MX, CNAME, SRV, SRV NoErr, TXT, ANY, and so on.

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support