Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

New and Changed Features

 

This section lists the new features or changes in behavior of Juniper ATP Cloud features in Junos OS Release 21.1R1.

Server Message Block (SMB) Protocol Support for File Inspection

Starting in Junos OS Release 21.1R1, SRX Series devices support the Server Message Block (SMB) protocol in advanced anti-malware (AAMW) file inspection. Users and applications can use the SMB protocol to access files and other resources on a remote server. Navigate to Monitor > File Scanning > SMB File Downloads in the Juniper ATP Cloud UI to view the list of files downloaded by hosts for SMB protocol inspection.

[See SMB File Download Overview, SMB File Download Details, advanced-anti-malware policy, and show services advanced-anti-malware statistics.]

Support for Username Feed Type in Adaptive Threat Profiling Feeds

Starting in Junos OS Release 21.1R1, you can add user the source identity (username) feed type to adaptive threat profiling feeds. Navigate to Configure > Threat Profiling in the Juniper ATP Cloud UI to configure adaptive threat profiling feed.

[See Adaptive Threat Profiling Overview, Create an Adaptive Threat Profiling Feed, security-intelligence (security policies), and show services security-intelligence sec-profiling-feed status.]

Audit Logs

You can now view audit logs for login activity and specific tasks that are completed successfully using the ATP Cloud Web portal. Audit log entries include details about user-initiated tasks, such as the username, task name, task details, and date and time of execution of the task. You can view audit logs for a specific time span, search for and filter for audit logs, and export audit logs in comma-separated values (CSV) format. The retention period for audit logs is five years.

[See Viewing Audit Logs.]

Virtual routing and forwarding (VRF) Behavior for Adaptive Threat Profiling Feeds

In earlier releases, malware and CC submissions from all VRF instances under root logical domain were accepted even though they were not associated with the sub-realm. From this release onwards, you can see similar behavioral change for adaptive threat profiling feeds as well. Feeds from SRX Series devices are accepted for all VRF instances under the root logical domain even though they are not associated with any sub-realm.