New and Changed Features
This section lists the new features or changes in behavior of Juniper ATP Cloud features in Junos OS Release 21.1R1.
Server Message Block (SMB) Protocol Support for File Inspection
Starting in Junos OS Release 21.1R1, SRX Series devices support the Server Message Block (SMB) protocol in advanced anti-malware (AAMW) file inspection. Users and applications can use the SMB protocol to access files and other resources on a remote server. Navigate to Monitor > File Scanning > SMB File Downloads in the Juniper ATP Cloud UI to view the list of files downloaded by hosts for SMB protocol inspection.
Support for Username Feed Type in Adaptive Threat Profiling Feeds
Starting in Junos OS Release 21.1R1, you can add the user source identity (username) feed type to adaptive threat profiling feeds. Navigate to Configure > Threat Profiling in the Juniper ATP Cloud UI to configure adaptive threat profiling feeds.
You can now view audit logs for login activity and for specific tasks that are completed successfully using the ATP Cloud Web portal. Audit log entries include details about user-initiated tasks, such as the username, task name, task details, and the date and time the task was executed. You can view audit logs for a specific time span, search and filter audit logs, and export audit logs in comma-separated values (CSV) format. The retention period for audit logs is five years.
[See Viewing Audit Logs.]
Virtual Routing and Forwarding (VRF) Behavior for Adaptive Threat Profiling Feeds
In earlier releases, malware and CC submissions from all VRF instances under the root logical domain were accepted even though they were not associated with the sub-realm. Starting in this release, adaptive threat profiling feeds behave in a similar way: feeds from SRX Series devices are accepted for all VRF instances under the root logical domain even though they are not associated with any sub-realm.