New and Changed Features
This section lists the changes in behavior of Juniper Sky ATP features and in Junos OS Release 18.1R1 for Juniper Sky ATP.
User Notification of Infected Hosts
User notification of infected hosts is configured using the set services security-intelligence command on the SRX Series device. While the device processes a session IP address, if that address is on the infected hosts list and the HTTP traffic is using port 80 or 8080, the device can be configured to redirect the infected host's HTTP traffic to a specified URL. See the ‘set services security-intelligence’ command in the Juniper Sky ATP CLI Reference Guide.
Office365 feed
Push Microsoft Office 365 services endpoint information to the SRX Series device for use in security policies. The office365 feed works differently from other third-party feeds and requires specific configuration parameters, including the pre-defined name “ipfilter_office365”. See the Juniper Sky ATP Administration Guide for details.
IPv6 Support
IPv6 addresses are now supported for all Juniper Sky ATP features including Command and Control, Blacklist, Whitelist, IP filtering, and GeoIP feeds. Note that references to “IPv4” in open API calls have changed to “IP.” This may impact your current API configurations.
The following features support IPv6 addresses:
Sample and Email Attachment Submissions
Early Verdicts
Command and Control Events
Malware Events
Reputation Lookup
Whitelists and Blacklists
Infected Hosts
MAC-IP Tracking and Suspicious Hosts feed