Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Enable Spotlight Secure

    WebApp Secure builds attacker fingerprints from characteristics of attacker web requests. This information can then be queried against the Spotlight Secure attacker database to help identify and report malicious activity. To use this service, you must enable it.

    1. In the WebApp Secure Web UI, navigate to Juniper Spotlight > Spotlight Secure.
    2. From the Spotlight Enabled pulldown list, select True to enable the service.

      Note: Navigate to Configuration > Processors and scroll down to Tracking Processors to check that the Client Fingerprint processor is enabled. It is required for this service.

    3. In the Server Address field, enter the address of the Spotlight server. Once you enter the address, you click the Test Connection to Spotlight Server link to make sure the server can be reached.
    4. For the remaining fields, it’s recommended that you use the default values.
    5. Click the Save button.

    Once an attacker from another site visits a page on your site, a Spotlight profile will be created for that user. Having attackers from other sites consolidated in the Spotlight window in the Web UI does allow you to keep close tabs on them. You can view the Spotlight profiles from the Spotlight page. Each Spotlight profile will be displayed in a row, with information such as their Local Profile name, Global (Spotlight) profile name, and the first and last times seen both locally and globally.

    Figure 1: Recent Attackers: Global and Local Names

    Recent Attackers: Global and Local Names

    You can view the Spotlight attackers' activities on your system on the Sessions and Attackers page. They are displayed with the same information as local attackers, and are indicated by the Spotlight icon next to their name.

    Figure 2: Recent Attackers: Global Names

    Recent Attackers: Global Names

    On the far left side of the Spotlight Attackers table is a small icon representing the local threat of the attacker, as it pertains to your site. This is a fast way to scan through the spotlight profiles and determine which ones might pose an immediate threat to your system. The severities range from Low to High.

    Note: Throughout the Web UI, you can start to see Spotlight profiles, indicated by the Spotlight icon next to their Profile name. You can choose to display either Local or Global (Spotlight) names (or both) through the User Preferences screen.

    Figure 3: User Preferences: Select Spotlight Name Preference

    User Preferences: Select Spotlight Name Preference

    Published: 2014-06-27