Configuring Threat Intelligence Sharing
Using the TAXII service, Juniper ATP Cloud can contribute to STIX reports by sharing the threat intelligence it gathers from file scanning. Juniper ATP Cloud also uses threat information from STIX reports as well as other sources for threat prevention. See HTTP File Download Details for more information on STIX reports.
STIX (Structured Threat Information eXpression) is a language used for reporting and sharing threat information using TAXII (Trusted Automated eXchange of Indicator Information). TAXII is the protocol for communication over HTTPS of threat information between parties.
STIX and TAXII are open, community-driven specifications that assist with the automated exchange of threat information. They allow threat information to be represented in a standardized format for sharing.
If you enable TAXII (it is disabled by default), you can limit who has access to your shared threat information by creating an application token. See Creating Application Tokens.
To enable and configure threat intelligence sharing, do the following:
- Select Configure > Global Configuration > Threat Intelligence Sharing.
- Move the knob to the right to Enable TAXII.
- Move the slidebar to designate a file sharing threshold.
  Only files that meet or exceed the set threshold will be used in STIX reports. The default is threat level 6 or higher.
You can limit who has access to your information by creating an application token. See Creating Application Tokens.
Table 1: Additional Information
TAXII URLs and Services
Used by the TAXII client to discover available TAXII Services. The command to initiate a TAXII request is: taxii-discovery
Note: Refer to the TAXII documentation for information on additional commands. http://taxiiproject.github.io/documentation/
Juniper ATP Cloud Discovery URLs are:
US Region: https://taxii.sky.junipersecurity.net/services/discovery
EU Region: https://taxii-eu.sky.junipersecurity.net/services/discovery
APAC Region: https://taxii-apac.sky.junipersecurity.net/services/discovery
At this time, there are two services supported by Juniper ATP Cloud on the TAXII server.
Used by the TAXII client to request information about available data collections.
Juniper ATP Cloud Collection Management URLs are:
US Region: https://taxii.sky.junipersecurity.net/services/collection-management
EU Region: https://taxii-eu.sky.junipersecurity.net/services/collection-management
APAC Region: https://taxii-apac.sky.junipersecurity.net/services/collection-management
Used by the TAXII client to poll for STIX files, looking for malware that has been identified on the network.
Juniper ATP Cloud Polling URLs are:
US Region: https://taxii.sky.junipersecurity.net/services/poll
EU Region: https://taxii-eu.sky.junipersecurity.net/services/poll
APAC Region: https://taxii-apac.sky.junipersecurity.net/services/poll
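The discovery exchange described in the table, as an added example (not Juniper's code): it builds a Discovery Request and checks that every service a Discovery Response advertises is an HTTPS URL on the expected regional host. It assumes the TAXII 1.1 XML message binding; the sample response is constructed and abbreviated, nothing is sent over the network, and presenting the application token is left out because the page does not say how it is passed.

```python
import uuid
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = "http://taxii.mitre.org/messages/taxii_xml_binding-1.1"  # TAXII 1.1 (assumed)
MSG, SVC = "urn:taxii.mitre.org:message:xml:1.1", "urn:taxii.mitre.org:services:1.1"
# Regional hosts taken from the URLs in the table above.
HOSTS = {"US": "taxii.sky.junipersecurity.net",
         "EU": "taxii-eu.sky.junipersecurity.net",
         "APAC": "taxii-apac.sky.junipersecurity.net"}

def build_discovery_request(region):
    """Return (url, headers, body) for a TAXII 1.1 Discovery Request."""
    headers = {"Content-Type": "application/xml", "Accept": "application/xml",
               "X-TAXII-Content-Type": MSG, "X-TAXII-Accept": MSG,
               "X-TAXII-Services": SVC,
               "X-TAXII-Protocol": "urn:taxii.mitre.org:protocol:https:1.0"}
    root = ET.Element(f"{{{NS}}}Discovery_Request", {"message_id": uuid.uuid4().hex})
    return f"https://{HOSTS[region]}/services/discovery", headers, ET.tostring(root)

def parse_services(response_xml, region):
    """Map service_type -> address for available services in a Discovery Response.

    Raises ValueError if the XML carries a DTD or if any advertised address is
    not HTTPS on the region's own host, so the client never follows a
    downgraded or redirected service URL.
    """
    if "<!DOCTYPE" in response_xml:  # no DTDs/entities from a remote server
        raise ValueError("DTD not allowed in TAXII response")
    services = {}
    for inst in ET.fromstring(response_xml).iter(f"{{{NS}}}Service_Instance"):
        addr = inst.findtext(f"{{{NS}}}Address", "").strip()
        url = urlsplit(addr)
        if url.scheme != "https" or url.hostname != HOSTS[region]:
            raise ValueError(f"unexpected service address: {addr!r}")
        if inst.get("available") == "true":
            services[inst.get("service_type")] = addr
    return services

def sample_response(host, scheme="https"):
    """Constructed, abbreviated Discovery Response (not captured from the service)."""
    paths = {"DISCOVERY": "discovery",
             "COLLECTION_MANAGEMENT": "collection-management", "POLL": "poll"}
    inst = "".join(
        f'<t:Service_Instance service_type="{t}" available="true">'
        f"<t:Address>{scheme}://{host}/services/{p}</t:Address></t:Service_Instance>"
        for t, p in paths.items())
    return f'<t:Discovery_Response xmlns:t="{NS}" message_id="1">{inst}</t:Discovery_Response>'

if __name__ == "__main__":
    for stype, addr in parse_services(sample_response(HOSTS["EU"]), "EU").items():
        print(f"{stype:22} {addr}")
```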