Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

New and Changed Features


This section lists the new features or changes in behavior of Juniper ATP Cloud features in Junos OS Release 20.3R1.

Support to integrate AWS GuardDuty with vSRX Firewalls

Starting with Junos OS Release 20.3R1, we support threat feeds from Amazon Web Services (AWS) GuardDuty. The threats are sent as a security feed to the vSRX firewalls in the AWS environment. The vSRX firewalls can access the feeds either by directly downloading it from the AWS S3 bucket or, if the vSRX firewall is enrolled with Juniper ATP Cloud, the feed is pushed to the firewall device along with the security intelligence (SecIntel) feeds.

See Integrate AWS GuardDuty with vSRX Firewalls.

Support to add adaptive threat profiling feed to infected host feed

You can now add adaptive threat profiling feed content, such as source IP address or destination IP address, to the infected host feed.

[See Adaptive Threat Profiling Overview and Add Threat Feed for Adaptive Threat Profiling.]

Increase in maximum number of feeds per category for adaptive threat profiling

You can now create up to 64 feeds per category for adaptive threat profiling feeds. Based on your requirement, you can choose to add all 64 feeds to infected host feeds.

[See Add Threat Feed for Adaptive Threat Profiling.]

Support to retain malicious file samples

After analyzing malicious file samples, we now retain them for further investigation. For more information, please refer to Juniper ATP Cloud Privacy Policy Supplement.

Support to Integrate Mist with vSRX Firewalls

You can enable Mist integration with ATP Cloud to share the threat alerts detected by Juniper SRX Series firewalls and Juniper ATP Cloud with Mist customers.

[See Enable Mist with Juniper ATP Cloud.]

SecIntel Feeds

We have renamed the Third-party Threat Feeds menu to SecIntel Feeds in Juniper ATP Cloud Web portal. To view SecIntel feeds, navigate to Configure > SecIntel in Juniper ATP Cloud Web portal. You can now view Juniper SecIntel feeds (Command and Control Feed, Attacker IP Feed, GeoIP Feed, and Infected Host Feed) that are available for ATP Cloud license.

Note that the Infected Host feed is enabled by default for all license tiers. All other Juniper SecIntel feeds are enabled by default with a premium license.

[See SecIntel Feeds Overview and Juniper SecIntel Feeds Overview.]

Change in Whitelist and Blacklist pages

We have separated the IP and URL tabs in the Whitelist and Blacklist pages.

[See Creating Allowlists and Blocklists.]

Encrypted Traffic Insights

Starting with this release, we have renamed Encrypted Traffic Analysis menu to Encrypted Traffic Insights.

[See Encrypted Traffic Insights Overview.]


We have changed the terminology Infected Hosts to Hosts with Malicious Activities in the Threat Assessment reports.

[See Reports Overview.]

Rebranding ATP

Juniper Sky™ Advanced Threat Prevention (Juniper Sky ATP) is now Juniper® Advanced Threat Prevention Cloud (Juniper ATP Cloud).