Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

New and Changed Features


This section lists the changes in behavior of Juniper Sky ATP features and in Junos OS Release 18.1R1 for Juniper Sky ATP.

User Notification of Infected Hosts

This is configured using the set services security-intelligence command on the SRX Series device. During the processing of a session IP address, if the IP address is on the infected hosts list and HTTP traffic is using ports 80 or 8080, infected hosts HTTP redirection to a specified URL can be configured. See the ‘set services security-intelligence’ command in the Juniper Sky ATP CLI Reference Guide.

Office365 feed

Push Microsoft Office 365 services endpoint information to the SRX Series device for use in security policies. The office365 feed works differently from other third party feeds and requires specific configuration parameters, including a pre-defined name of “ipfilter_office365.” See the Juniper Sky ATP Administration Guide for details.

IPv6 Support

IPv6 addresses are now supported for all Juniper Sky ATP features including Command and Control, Blacklist, Whitelist, IP filtering, and GeoIP feeds. Note that references to “IPv4” in open API calls have changed to “IP.” This may impact your current API configurations.

The following features support IPv6 addresses:

  • Sample and Email Attachment Submissions

  • Early Verdicts

  • Command and Control Events

  • Malware Events

  • Reputation Lookup

  • Whitelists and Blacklists

  • Infected Hosts

  • MAC-IP Tracking and Suspicious Hosts feed