
Configuring Threat Intelligence Sharing

 

Using the TAXII service, Juniper ATP Cloud can contribute to STIX reports by sharing the threat intelligence it gathers from file scanning. Juniper ATP Cloud also uses threat information from STIX reports as well as other sources for threat prevention. See HTTP File Download Details for more information on STIX reports.

  • STIX (Structured Threat Information eXpression) is a language for reporting and sharing threat information. TAXII (Trusted Automated eXchange of Indicator Information) is the protocol that carries that threat information between parties over HTTPS.

  • STIX and TAXII are open, community-driven specifications that assist with the automated exchange of threat information. They allow threat information to be represented in a standardized format for sharing.

  • If you enable TAXII (it is disabled by default), you can limit who has access to your shared threat information by creating an application token. See Creating Application Tokens.

To enable and configure threat intelligence sharing, do the following:

  1. Select Configure > Global Configuration > Threat Intelligence Sharing.
  2. Move the knob to the right to Enable TAXII.
  3. Move the slidebar to designate a file sharing threshold. Only files that meet or exceed the set threshold will be used in STIX reports. The default is threat level 6 or higher.

    Note: You can limit who has access to your information by creating an application token. See Creating Application Tokens.

Table 1: Additional Information

TAXII URLs and Services

Description

Discovery URL

Used by the TAXII client to discover available TAXII Services. The command to initiate a TAXII request is: taxii-discovery

Note: Refer to the TAXII documentation for information on additional commands. http://taxiiproject.github.io/documentation/

Juniper ATP Cloud Discovery URLs are:

US Region: https://taxii.sky.junipersecurity.net/services/discovery

EU Region: https://taxii-eu.sky.junipersecurity.net/services/discovery

APAC Region: https://taxii-apac.sky.junipersecurity.net/services/discovery

Canada: https://taxii-canada.sky.junipersecurity.net/services/discovery

At this time, there are two services supported by Juniper ATP Cloud on the TAXII server.

Collection Management

Used by the TAXII client to request information about available data collections.

Juniper ATP Cloud Collection Management URLs are:

US Region: https://taxii.sky.junipersecurity.net/services/collection-management

EU Region: https://taxii-eu.sky.junipersecurity.net/services/collection-management

APAC Region: https://taxii-apac.sky.junipersecurity.net/services/collection-management

Canada: https://taxii-canada.sky.junipersecurity.net/services/collection-management

Poll URL

Used by the TAXII client to poll for STIX files - looking for malware that has been identified on the network.

Juniper ATP Cloud Polling URLs are:

US Region: https://taxii.sky.junipersecurity.net/services/poll

EU Region: https://taxii-eu.sky.junipersecurity.net/services/poll

APAC Region: https://taxii-apac.sky.junipersecurity.net/services/poll

Canada: https://taxii-canada.sky.junipersecurity.net/services/poll
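
A TAXII client learns the collection-management and poll addresses from the discovery response, so it is worth confirming that every advertised address is HTTPS on the documented regional host before any application token is sent to it. The following is an added example, not Juniper's code: it assumes the TAXII 1.1 XML message format for the discovery response, the sample response is constructed, and `check_services` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Region hosts taken from the URL table on this page.
REGION_HOSTS = {
    "US": "taxii.sky.junipersecurity.net",
    "EU": "taxii-eu.sky.junipersecurity.net",
    "APAC": "taxii-apac.sky.junipersecurity.net",
    "Canada": "taxii-canada.sky.junipersecurity.net",
}
# Assumption: TAXII 1.1 XML message binding namespace.
NS = {"t": "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"}

# Constructed sample (not captured from the service). The last two entries are
# deliberately wrong: one is plain HTTP, one points at another host.
SAMPLE_RESPONSE = """\
<t:Discovery_Response xmlns:t="http://taxii.mitre.org/messages/taxii_xml_binding-1.1"
                      message_id="2" in_response_to="1">
  <t:Service_Instance service_type="COLLECTION_MANAGEMENT" available="true">
    <t:Address>https://taxii-eu.sky.junipersecurity.net/services/collection-management</t:Address>
  </t:Service_Instance>
  <t:Service_Instance service_type="POLL" available="true">
    <t:Address>http://taxii-eu.sky.junipersecurity.net/services/poll</t:Address>
  </t:Service_Instance>
  <t:Service_Instance service_type="POLL" available="true">
    <t:Address>https://taxii.example.net/services/poll</t:Address>
  </t:Service_Instance>
</t:Discovery_Response>"""


def check_services(region, response_xml):
    """Return (service_type, address, ok); ok means HTTPS on the region's host."""
    # Refuse DTDs and entity declarations instead of letting the parser expand them.
    if "<!DOCTYPE" in response_xml or "<!ENTITY" in response_xml:
        raise ValueError("DTD or entity declaration in TAXII response")
    expected_host = REGION_HOSTS[region]
    results = []
    for inst in ET.fromstring(response_xml).findall("t:Service_Instance", NS):
        address = inst.findtext("t:Address", default="", namespaces=NS).strip()
        url = urlsplit(address)
        ok = url.scheme == "https" and url.hostname == expected_host
        results.append((inst.get("service_type"), address, ok))
    return results


if __name__ == "__main__":
    for service_type, address, ok in check_services("EU", SAMPLE_RESPONSE):
        print("OK    " if ok else "REJECT", service_type, address)
```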