Core/CM Server CLI Commands

This chapter describes the commands available for Juniper ATP Appliance Core/CM or vCore servers. These commands are used to configure devices and software, manage security events, and show system information and status.

You must enclose non-alphabet characters in double quotes in CLI commands.

Basic Mode Commands

Use general system commands to configure the appliance, view appliance history, enter other CLI modes, obtain help with CLI syntax, and to exit the CLI session.

The general commands are:

Refer to the respective sections in this guide to review Diagnosis Mode, CM Mode, Collector Mode and Server Mode commands per product device.

CM Commands

CoreCM CLI Commands

capture-start

Table 1: capture-start

Description

Starts packet capture as a means for diagnosing and debugging network traffic and obtaining stats.

See Also:[mode];

Product(s) CLI

All-in-One | Collector | Core | Mac OS X Detection Engine

Mode(s)

Diagnosis

Syntax

capture-start

Parameters

<IP address> <interface_name>

Sub-Commands

None

Example

The following example starts a packet capture process on interface eth1 for a Traffic Collector with IP address 8.8.8.8:

hostname # diagnosis

hostname (diagnosis)# capture-start 8.8.8.8 eth1

Note: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.

cm

Table 2: cm

Description

Enters cm (Central Manager) mode.

See Also: basic [mode];

Product(s) CLI

All-in-One | Core

Mode(s)

Basic

Syntax

cm

Parameters

None

Sub-Commands

exit | help | history | upgrade

Example

The following command example enters cm configuration mode:

hostname # cm

hostname (cm)#

core

Table 3: core

Description

Enters core mode.

See Also: basic [mode];

Product(s) CLI

All-in-One | Collector | Core | Mac OS X Detection Engine

Mode(s)

Basic

Syntax

core

Parameters

None

Sub-Commands

exit, help, history, show, updateimage

Example

The following command example enters core configuration mode:

hostname # core

hostname (core)#

copy

Table 4: copy

Description

Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote location, providing the same authentication and level of security as an SSH transfer.

The copy traceback command, upon Customer Support's request, copies the traceback files out of the box to a remote location.

See Also:[mode];

Product(s) CLI

All-in-One | Collector | Core-CM | Mac OSX Engine

Mode(s)

Diagnosis

Syntax

copy capture <scp source_file_name username@destination_host:destination_folder> | traceback {<tab> | ALL} <string URI as user@hostname:path>

Parameters

copy capture <scp remote filename_location>

copy traceback <ALL | filename>

copy traceback <tab> [tab displays all available crash filenames]

Sub-Commands

None

Example

The following example copies the file "Eth1.txt" from the local host to a remote host:

hostname (diagnosis)# copy capture scp captureEth1.txt admin@remotehost.edu:/some/remote/directory

diagnosis

Table 5: diagnosis

Description

Enters the Diagnosis configuration and status check mode.

See Also: collector [mode], server [mode]

Product(s) CLI

All-in-One | Collector | Mac OS X Detection Engine

Mode(s)

Basic

Syntax

diagnosis

Parameters

None

Sub-Commands

; ; ; ;;;;;;

Example

The following example enters diagnosis configuration and status check mode:

hostname # diagnosis

hostname (diagnosis)# ?

exit

Table 6: exit

Description

Ends the CLI session.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Core | Collector | Diagnosis | Server

Syntax

exit

Parameters

None

Example

The following example ends a command mode or CLI session.

JATP# (diagnosis) exit
JATP#

gssreport

Table 7: gssreport

Description

Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report.

See Also:;[mode]

Product(s) CLI

All-in-One | Collector | Mac OS X Detection Engine

Mode(s)

diagnosis

Syntax

gssreport status | submit

Parameters

status - displays the status of the current GSS report.

submit - submits a report to Juniper ATP Appliance GSS.

Sub-Commands

None

Example

The following examples display the status of a GSS report submission:

hostname # diagnosis
hostname (diagnosis)# gssreport submit
Successfully started GSS report
hostname (diagnosis)# gssreport status
GSS is currently enabled
Last 5-minute GSS report at 2015-07-28 10:34:24.414322:
successfully submitted
Last hourly GSS report at 2015-07-28 10:34:24.468259:
successfully submitted
Last daily GSS report at 2015-07-28 10:34:28.225512:
successfully submitted

help

Table 8: help

Description

Displays information about the CLI help system.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Core | Collector | Diagnosis | Server

Syntax

help

Parameters

None

Example

The following example shows some of the output of the help command.

CONTEXT SENSITIVE HELP
[?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained.
[tab] - Auto-completes
[space] - Auto-completes, or if the command is already resolved inserts a space.
If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it.
Use ? to learn command parameters and option:
JATP (server)# show f?
firewall Show the firewall configuration settings
interface
JATP (server)# show firewall?
all Show the current iptables settings
whitelist Show the iptables whitelist settings 
show firewall whitelist?
<cr>
show firewall whitelist

history

Table 9: history

Description

Displays the current CLI session command line history.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Basic | Core | Collector | Diagnosis | Server

Syntax

history

Parameters

None

Example

The following example returns command line history for the current CLI session.

JATP# (core) history

ifrestart

Table 10: ifrestart

Description

Restarts the interface driver and services using the interface.

Product(s) CLI

All-in-One | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

ifrestart eth0 | eth1

Parameters

eth0    Restarts the management network administrative interface.
eth1    Restarts the monitoring network interface.

Example

The following example restarts the eth0 interface for the management network.

<FireEye_name># ifrestart eth0

ping

Table 11: ping

Description

Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

ping [-c count] [-h hops] [string]

Parameters

-c count

Number of echo requests to send. By default, pings are sent continuously until you press Ctrl+C.

-h hops

Number of next hops between pings (default is 1).

string

IP address, hostname or interface name used to ping device address.

Example

The following example sends three echo requests to the device with the IP address 10.10.10.1:

<FireEye_name># ping -c 3 10.10.10.1

PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_req=1 ttl=64 time=0.314 ms
64 bytes from 10.10.10.1: icmp_req=2 ttl=64 time=0.277 ms
64 bytes from 10.10.10.1: icmp_req=3 ttl=64 time=0.274 ms
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022 ms

reboot

Table 12: reboot

Description

Reboots the Juniper ATP Appliance.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

reboot

Parameters

None

Example

The following example reboots the system.

hostname# reboot

reset-admin-password

Table 13: reset-admin-password

Description

A sudo user named “recovery” uses this command to reset the admin password. This user does not require a password and can log in only on a physical device, not through SSH.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

recovery

Parameters

exit | help | history | reset-admin-password

Example

The following example resets the admin password.

customer login: recovery
Note:

Since passwords do not sync across devices, you must perform this reset manually on all ATP Appliance devices.

restart

Table 14: restart

Description

Restarts Juniper ATP Appliance services.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]

Parameters

all

Restarts all Juniper ATP Appliance services.

behaviorengine

Restarts the Behavioral Analysis Engine

cm

Restarts the Central Manager Web UI service.

collector

Restarts the Collector service.

core

Restarts the Core Detection Engine.

correlationengine

Restarts the Correlation Engine.

database

Restarts the Database.

ntpserver

Restarts the NTP server.

sshserver

Restarts the SSH server.

staticengine

Restarts the Static Analysis Engine.

webserver

Restarts the web server.

Example

The following example restarts the Central Manager service.

JATP# restart cm

restore

Table 15: restore

Description

Restores the system configuration to the factory default settings. This will only reset the password to default temporarily.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

server

Syntax

restore [support | firewall {backup | default} | hostname | network]

Allowlist rules rely on normal service shutdown to be backed up. Powering off a VM directly will lose the allowlist state, as rules cannot be saved in that case.

Parameters

Note:

vCore for AWS does not use the following CLI commands: restore hostname, restore network

support

Restores the default support password setting remote login (set during initial installation per l See also (server)# set (server mode)

firewall {backup | default}

Restores the firewall settings from either the pr backup, or from the default factory settings.

hostname

Restores the system’s hostname to the factory hostname.

network

Restores the IP address and DNS settings to the factory default settings.

Warning:

This command option removes the current IP address and DNS settings, and reloads the default values for these settings.

Example

The following example restores the system.

JATP# restore

This next example restores the SSH login “support” password to the default:

JATP # restore support password
Restore the default support password? (Yes/No)? yes
support password was restored successfully!

set (core mode)

Table 16: set

Description

Resets the Secondary Core UUID, if the virtual core is cloned.

Product(s) CLI

Core/CM (Virtual Core)

Mode(s)

Core (for Virtual Core configurations)

Syntax

set id

Sub-Commands

None

Example

The following example sets the Virtual Core appliance id:

hostname # core
hostname (core) # set id
<cr>

server

Table 17: server

Description

Enters the server configuration mode.

Product(s) CLI

All-in-One | Collector | Core/CM | Mac Mini Mac OS X

Mode(s)

Basic

Syntax

server

Sub-Commands

;;;;;;;;;;

Whitelist rules rely on normal service shutdown to be backed up. Powering off a VM directly will lose the allowlist state as rules cannot be saved in that case.

Example

The following example enters server configuration mode:

hostname # server
hostname (server) # ?

set system-alert (server mode)

Table 18: set system-alert

Description

Configure the traffic threshold and checking interval for the Collector “monitored traffic” health status.

When the monitored traffic of a collector within the checking interval time is lower than the threshold, a system health alert is generated. You can send an email notification of the alert if email notifications of system health events are configured.

Product(s) CLI

All-in-One | Core CM

Mode(s)

Server, See Also:; set (collector mode); show

Syntax

set system-alert traffic <integer> time <interval>
Note:

Note that both "traffic" and "time" parameters are required in order to set the threshold for both the minimum traffic and time.

Parameters

traffic - the minimum traffic (in KB)
interval - the checking interval (in minutes)

Example

JATP (server) # set system-alert traffic 100 time 30

This example sets the system alert such that, if the total monitored traffic of a collector within the last 30 minutes dips lower than 100KB, then a system health alert will be generated (and users will receive an email notification of the alert if email notifications are configured for system health events).

By default this alert is disabled, and users must set the minimum traffic and interval in order to enable it. Also note that all bytes seen on Ethernet frames are counted in the traffic.

The minimum interval for the "set system-alert traffic" time interval command is 10 minutes. If the minimum interval is set to less than 10 minutes, no alerts will be triggered.
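The behaviour described above can be modelled offline before a threshold is rolled out. The following is an added example, not Juniper code: it parses the documented `set system-alert` syntax, applies the 10-minute minimum, and evaluates constructed per-minute byte counts. The 1024-byte KB, the non-overlapping check windows and all function names are assumptions of this sketch.

```python
import re
from dataclasses import dataclass

KB = 1024              # assumption: the page says "KB" without defining it
MIN_INTERVAL_MIN = 10  # from the page: shorter intervals never trigger alerts

# Syntax from the page: set system-alert traffic <integer> time <interval>
_CMD = re.compile(r"^\s*set\s+system-alert\s+traffic\s+(\d+)\s+time\s+(\d+)\s*$")


@dataclass(frozen=True)
class SystemAlert:
    traffic_kb: int    # minimum monitored traffic per interval, in KB
    interval_min: int  # checking interval, in minutes

    @property
    def effective(self) -> bool:
        """False when the interval is under the 10-minute minimum,
        where the page says no alerts are triggered."""
        return self.interval_min >= MIN_INTERVAL_MIN


def parse_system_alert(line: str) -> SystemAlert:
    """Parse one command line, with or without a 'JATP (server) #' prompt."""
    command = line.split("#")[-1]
    m = _CMD.match(command)
    if m is None:
        raise ValueError(
            'expected "set system-alert traffic <integer> time <interval>"; '
            "both parameters are required"
        )
    return SystemAlert(int(m.group(1)), int(m.group(2)))


def low_traffic_checks(per_minute_bytes, cfg):
    """Return [(minute, window_kb)] for every check that would raise an alert.

    Assumed model: one check at the end of each interval, covering the bytes
    seen on the wire during that interval (all Ethernet frame bytes count).
    """
    if not cfg.effective:
        return []  # setting is present but can never alert
    alerts = []
    step = cfg.interval_min
    for end in range(step, len(per_minute_bytes) + 1, step):
        window_kb = sum(per_minute_bytes[end - step:end]) / KB
        if window_kb < cfg.traffic_kb:
            alerts.append((end, window_kb))
    return alerts


# Constructed sample: 30 healthy minutes, 30 minutes with the monitored link
# almost silent (for example a disconnected SPAN port), then recovery.
SAMPLE = [20000] * 30 + [1000] * 30 + [20000] * 30

if __name__ == "__main__":
    for line in ("JATP (server) # set system-alert traffic 100 time 30",
                 "JATP (server) # set system-alert traffic 100 time 5"):
        cfg = parse_system_alert(line)
        print(line)
        if not cfg.effective:
            print("  interval below 10 minutes: no alerts will be triggered")
        for minute, kb in low_traffic_checks(SAMPLE, cfg):
            print(f"  alert at minute {minute}: {kb:.1f} KB < {cfg.traffic_kb} KB")
```

The second command is the case worth catching in review: the collector goes quiet for 30 minutes and nothing is reported, because the interval is under the documented minimum.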

set (server mode)

Table 19: set

Description

Configure the system settings.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server, See Also: ; ;

Syntax

set [autoupdate {on | off} | cli timeout secs | clock | cm address | cysupport {enable | disable} localmode {enable | disable}| passphrase string | dns | firewall {all <backup | flush> | whitelist} | hostname string | ip interface {management | alternate-exhaust}| ntpserver | password | proxy {config | enabled | remove} | timezone string | uipassword]

Parameters

Note:

vCore for AWS does not use the following CLI commands:

set ip

set hostname

[Users cannot set static IP address or change the hostname directly on an EC2 AWS instance]

(See columns below)

 
autoupdate {content | software} {on | off}

Turn on or off automatic product updates.

set autoupdate content on

cli secs

Sets CLI period in seconds (0 indicates no timeout).

clock

Sets the current date and time.

cm address

Sets the IP address of the Central Manager and netmask using slash notation; ex: AAA.BBB.CCC.DD/X

set cysupport {enable | disable} | {localmode}

Enables remote SSH login “support” account or localmode enable/disable.

dns

Sets DNS (or enables DHCP for DNS) for the management interface by default if interface is unspecified.

firewall {all <backup | flush> | whitelist <add | delete | flush>}

Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or flushes the current iptables allowlist-specific settings for the firewall.

The “add” option adds an IP address to the iptables outbound allowlist.

# set firewall whitelist add 10.1.1.1

hostname string

Sets the system’s host name.

ip interface {management | alternateexhaust} <dhcp | address | netmask | gateway>

Sets the IP address, netmask, or default gateway, or enables DHCP for the management or alternate-exhaust interface.

ntpserver

Sets the Network Time Protocol (NTP) server.

passphrase string

Sets the device key password; enter a string.

password

Sets a new password for the CLI administrator.

proxy {config <all|http> | enable <on|off> | remove <all|http>}

Configure, enable or disable, or remove “all” proxy configs, or remove an HTTP-specific proxy server.

Tip:

Configure the proxy for “all” protocols first, and then change the HTTP proxy as needed.

timezone string

Sets the timezone for the device.

uipassword

Sets a new admin password for CM Web UI access.

Examples

The following example enables a proxy server.

JATP (server)# set proxy enable on

set appliance-type (server mode)

Table 20: set appliance-type

Description

Change the appliance type at any time. For example, change from All-In-One to Core/CM. Note that if you change the appliance type after the initial installation, all data files related to the current type are lost and you must set up the appliance as you would a fresh box.

Product(s) CLI

All-in-One | Core CM | Collector

Mode(s)

server

Syntax

jatp:AIO#(server)# set appliance-type core-cm 

Parameters

all-in-one

core-cm

email-collector

traffic-collector

Example

The following example changes the form factor of the appliance from all-in-one (the default) to core-cm:

jatp:AIO#(server)# set appliance-type core-cm 
This will result in the deletion of all data and configurations not relevant to the new form factor.
Proceed? (Yes/No)?  Yes

set (diagnosis mode)

Table 21: set

Description

Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.

See Also:

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

set logging all

Parameters

all

Sets logging for all Juniper ATP Appliance components.

default

Sets logging to the default parameters

debug

Sets logging at the debug level.

info

Sets logging at the info level.

warning

Sets logging at the warning level.

error

Sets logging at the error level.

critical

Sets logging at the critical level.

Example

The following example sets the default logging level for all Juniper ATP Appliance components.

JATP# set logging all

setupcheck

Table 22: setupcheck

Description

Checks and reports on basic configuration settings and analysis pipeline setup.

Product(s) CLI

All-in-One | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

setupcheck {all | report | basic | analysis}

Parameters

all         Checks both basic settings and analysis pipeline.
report      Shows report of last setupcheck.
basic       Checks basic configuration settings.
analysis    Checks the analysis pipeline.

Example

The following example checks all basic configuration settings as well as the analysis pipeline:

JATP (diagnosis) # setupcheck all

show (core mode)

Table 23: show

Description

Displays the guest image(s) status or allowlist statistics.

See Also:; show (diagnostic mode)

Product(s) CLI

See Also: shutdown; show (diagnostic mode)

Mode(s)

Core

Syntax

show

Parameters

images

Displays guest image update and status information.

whitelist

Displays the name, hit count and the time of last hit of a user configured allowlist.

Note that when an allowlist rule is deleted, it is removed from the list. Updates to an existing rule are not affected by the presence of the rule in the output, but the hit count could increment. Further, more than one rule can be hit by a single incident.

alternate-exhaust interface

Displays the status of the alternate exhaust interface eth2.

Example

The following example demonstrates the show images command usage:

JATP(core)# show images

The following example demonstrates the show whitelist command usage:

JATP(core)# show whitelist

Rule Name        Hit Count   Local Time of Last Hit
URI1             10          Wed Sep 2 18:16:55 2015
URI2             10          Wed Sep 2 18:16:55 2015
URI3             10          Wed Sep 2 18:16:55 2015
greatfilesarey   49          Wed Sep 2 18:20:00 2015

The following example shows how to get the alternate-exhaust interface (eth2) status:

JATP(core)# show alternate-exhaust interface

show (diagnosis mode)

Description

Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.

See Also:

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

diagnosis

Syntax

show

Parameters

device {collectorstatus | | corestatus | slavecorestatus}

Display connected device statistics for Traffic Collector, CoreCM, or Mac Mini Detection Engine Secondary “backup core.”

protocol {web | email}

Displays the session counts for network web or email protocols.

objects

Displays the current number of file objects.

logging

Displays the currently-configured logging level.

See Also: set traffic-filter (collector mode) logging

log error traceback

Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process error logs. A traceback is a stack of functions that were executing when an error condition was encountered.

log error last <integer: number of lines to display>

Displays n [1-1000] lines of the contents of the common log file.

 

Example: show log error last 12

Example

The following example displays the connected Traffic Collector status.

JATP(diagnosis)# show device collectorstatus
<cr>
JATP (diagnosis)# show device collectorstatus WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2015-07-25 15:13:17.967000-07:00
Install Date : 2015-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2015-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
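The Last Seen field in this output is what tells you whether a collector is still reporting. The following is an added example, not Juniper code: it parses the sample output shown above and flags collectors that are disabled or have not been seen recently. The reference time `NOW`, the one-hour threshold and the function names are assumptions of this sketch.

```python
from datetime import datetime, timedelta

# Sample output copied from the example above.
SAMPLE_OUTPUT = """\
JATP (diagnosis)# show device collectorstatus WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2015-07-25 15:13:17.967000-07:00
Install Date : 2015-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2015-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
"""

# Assumed time at which the output was captured (constructed for the example).
NOW = datetime.fromisoformat("2015-07-28 11:10:00-07:00")


def parse_collector_status(text):
    """Split the 'key : value' lines into one dict per collector.

    A new record starts at every 'IP :' line; prompt lines and anything
    without the ' : ' separator are ignored.
    """
    records, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "IP":
            current = {"IP": value}
            records.append(current)
        elif current is not None:
            current[key] = value
    return records


def stale_collectors(text, now, max_age):
    """Return [(ip, [reasons])] for collectors that need attention."""
    findings = []
    for rec in parse_collector_status(text):
        reasons = []
        if rec.get("Enabled") != "True":
            reasons.append("disabled")
        seen = rec.get("Last Seen")
        if seen is None:
            reasons.append("no Last Seen field")
        else:
            # Timestamps carry a UTC offset, so the subtraction is exact
            # even when collectors report from different offsets.
            age = now - datetime.fromisoformat(seen)
            if age > max_age:
                reasons.append(
                    f"last seen {age.days}d {age.seconds // 3600}h ago")
        if reasons:
            findings.append((rec["IP"], reasons))
    return findings


if __name__ == "__main__":
    for ip, reasons in stale_collectors(SAMPLE_OUTPUT, NOW, timedelta(hours=1)):
        print(f"{ip}: {', '.join(reasons)}")
```

A collector that has stopped reporting means traffic on that segment is no longer being inspected, so a check like this is worth scheduling alongside the built-in system-alert.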

This example displays the log error traceback:

JATP(diagnosis)# show log error traceback
<cr>

show (server mode)

Table 24: show

Description

Display configurations and status information.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server, See Also:

Syntax

show

Parameters

(See Tables below)

 
autoupdate

Show the automatic update setting.

cli timeout

Show the CLI timeout setting.

clock

Show the current date and time.

cm

Show the Central Manager IP address.

controller

Show the driver state for interfaces.

cysupport

Show the remote SSH login support status.

description

Show the server or system description.

devicekey

Show the device key.

devicetype

Show the device type.

dns

Show the DNS servers settings.

eula

Show the End User License Agreement.

firewall [all | whitelist]

Show the firewall configuration settings.

hostname

Show the system’s host name.

interface [management | monitoring | alternateexhaust]

Show information about the management (administrative) network interface eth0, or the monitoring interface (eth1), or the alternate-exhaust interface (eth2).

See Also: show controller

ip

Show the IP address of the management (administrative) interface eth0.

Results may show both private and public IP addresses if the AWS vCore has a public IP.

name

Show the server name.

ntpserver

Show the Network Time Protocol (NTP) server settings.

proxy

Shows the proxy configuration for the management network.

See also show (collector mode) for show proxy inside/outside data path.

stats [cpuload | disk | memory]

Show system statistics:

cpuload shows average CPU load in the system for running processes in the last 1, 5 and 15 min intervals.

disk shows the disk space usage in the system.

memory shows the system memory usage.

show stats cpuload (0.06,0.13,0.13)

system-alert

Shows the current set system-alert settings.

set timezone

Shows the list of available timezones as displayed below.

Africa/Abidjan                   Africa/Accra                     Africa/Addis_Ababa               Africa/Algiers                   Africa/Asmara                    Africa/Asmera                    
Africa/Bamako                    Africa/Bangui                    Africa/Banjul                    Africa/Bissau                    Africa/Blantyre                  Africa/Brazzaville               
Africa/Bujumbura                 Africa/Cairo                     Africa/Casablanca                Africa/Ceuta                     Africa/Conakry                   Africa/Dakar                     
Africa/Dar_es_Salaam             Africa/Djibouti                  Africa/Douala                    Africa/El_Aaiun                  Africa/Freetown                  Africa/Gaborone                  
Africa/Harare                    Africa/Johannesburg              Africa/Juba                      Africa/Kampala                   Africa/Khartoum                  Africa/Kigali                    
Africa/Kinshasa                  Africa/Lagos                     Africa/Libreville                Africa/Lome                      Africa/Luanda                    Africa/Lubumbashi                
Africa/Lusaka                    Africa/Malabo                    Africa/Maputo                    Africa/Maseru                    Africa/Mbabane                   Africa/Mogadishu                 
Africa/Monrovia                  Africa/Nairobi                   Africa/Ndjamena                  Africa/Niamey                    Africa/Nouakchott                Africa/Ouagadougou               
Africa/Porto-Novo                Africa/Sao_Tome                  Africa/Timbuktu                  Africa/Tripoli                   Africa/Tunis                     Africa/Windhoek                  
America/Adak                     America/Anchorage                America/Anguilla                 America/Antigua                  America/Araguaina                America/Argentina/Buenos_Aires   
America/Argentina/Catamarca      America/Argentina/ComodRivadavia America/Argentina/Cordoba        America/Argentina/Jujuy          America/Argentina/La_Rioja       America/Argentina/Mendoza        
America/Argentina/Rio_Gallegos   America/Argentina/Salta          America/Argentina/San_Juan       America/Argentina/San_Luis       America/Argentina/Tucuman        America/Argentina/Ushuaia        
America/Aruba                    America/Asuncion                 America/Atikokan                 America/Atka                     America/Bahia                    America/Bahia_Banderas           
America/Barbados                 America/Belem                    America/Belize                   America/Blanc-Sablon             America/Boa_Vista                America/Bogota                   
America/Boise                    America/Buenos_Aires             America/Cambridge_Bay            America/Campo_Grande             America/Cancun                   America/Caracas                  
America/Catamarca                America/Cayenne                  America/Cayman                   America/Chicago                  America/Chihuahua                America/Coral_Harbour            
America/Cordoba                  America/Costa_Rica               America/Creston                  America/Cuiaba                   America/Curacao                  America/Danmarkshavn             
America/Dawson                   America/Dawson_Creek             America/Denver                   America/Detroit                  America/Dominica                 America/Edmonton                 
America/Eirunepe                 America/El_Salvador              America/Ensenada                 America/Fort_Nelson              America/Fort_Wayne               America/Fortaleza                
America/Glace_Bay                America/Godthab                  America/Goose_Bay                America/Grand_Turk               America/Grenada                  America/Guadeloupe               
America/Guatemala                America/Guayaquil                America/Guyana                   America/Halifax                  America/Havana                   America/Hermosillo               
America/Indiana/Indianapolis     America/Indiana/Knox             America/Indiana/Marengo          America/Indiana/Petersburg       America/Indiana/Tell_City        America/Indiana/Vevay            
America/Indiana/Vincennes        America/Indiana/Winamac          America/Indianapolis             America/Inuvik                   America/Iqaluit                  America/Jamaica                  
America/Jujuy                    America/Juneau                   America/Kentucky/Louisville      America/Kentucky/Monticello      America/Knox_IN                  America/Kralendijk               
America/La_Paz                   America/Lima                     America/Los_Angeles              America/Louisville               America/Lower_Princes            America/Maceio                   
America/Managua                  America/Manaus                   America/Marigot                  America/Martinique               America/Matamoros                America/Mazatlan                 
America/Mendoza                  America/Menominee                America/Merida                   America/Metlakatla               America/Mexico_City              America/Miquelon                 
America/Moncton                  America/Monterrey                America/Montevideo               America/Montreal                 America/Montserrat               America/Nassau                   
America/New_York                 America/Nipigon                  America/Nome                     America/Noronha                  America/North_Dakota/Beulah      America/North_Dakota/Center      
America/North_Dakota/New_Salem   America/Nuuk                     America/Ojinaga                  America/Panama                   America/Pangnirtung              America/Paramaribo               
America/Phoenix                  America/Port-au-Prince           America/Port_of_Spain            America/Porto_Acre               America/Porto_Velho              America/Puerto_Rico              
America/Punta_Arenas             America/Rainy_River              America/Rankin_Inlet             America/Recife                   America/Regina                   America/Resolute                 
America/Rio_Branco               America/Rosario                  America/Santa_Isabel             America/Santarem                 America/Santiago                 America/Santo_Domingo            
America/Sao_Paulo                America/Scoresbysund             America/Shiprock                 America/Sitka                    America/St_Barthelemy            America/St_Johns                 
America/St_Kitts                 America/St_Lucia                 America/St_Thomas                America/St_Vincent               America/Swift_Current            America/Tegucigalpa              
America/Thule                    America/Thunder_Bay              America/Tijuana                  America/Toronto                  America/Tortola                  America/Vancouver                
America/Virgin                   America/Whitehorse               America/Winnipeg                 America/Yakutat                  America/Yellowknife              Antarctica/Casey                 
Antarctica/Davis                 Antarctica/DumontDUrville        Antarctica/Macquarie             Antarctica/Mawson                Antarctica/McMurdo               Antarctica/Palmer                
Antarctica/Rothera               Antarctica/South_Pole            Antarctica/Syowa                 Antarctica/Troll                 Antarctica/Vostok                Arctic/Longyearbyen              
Asia/Aden                        Asia/Almaty                      Asia/Amman                       Asia/Anadyr                      Asia/Aqtau                       Asia/Aqtobe                      
Asia/Ashgabat                    Asia/Ashkhabad                   Asia/Atyrau                      Asia/Baghdad                     Asia/Bahrain                     Asia/Baku                        
Asia/Bangkok                     Asia/Barnaul                     Asia/Beirut                      Asia/Bishkek                     Asia/Brunei                      Asia/Calcutta                    
Asia/Chita                       Asia/Choibalsan                  Asia/Chongqing                   Asia/Chungking                   Asia/Colombo                     Asia/Dacca                       
Asia/Damascus                    Asia/Dhaka                       Asia/Dili                        Asia/Dubai                       Asia/Dushanbe                    Asia/Famagusta                   
Asia/Gaza                        Asia/Harbin                      Asia/Hebron                      Asia/Ho_Chi_Minh                 Asia/Hong_Kong                   Asia/Hovd                        
Asia/Irkutsk                     Asia/Istanbul                    Asia/Jakarta                     Asia/Jayapura                    Asia/Jerusalem                   Asia/Kabul                       
Asia/Kamchatka                   Asia/Karachi                     Asia/Kashgar                     Asia/Kathmandu                   Asia/Katmandu                    Asia/Khandyga                    
Asia/Kolkata                     Asia/Krasnoyarsk                 Asia/Kuala_Lumpur                Asia/Kuching                     Asia/Kuwait                      Asia/Macao                       
Asia/Macau                       Asia/Magadan                     Asia/Makassar                    Asia/Manila                      Asia/Muscat                      Asia/Nicosia                     
Asia/Novokuznetsk                Asia/Novosibirsk                 Asia/Omsk                        Asia/Oral                        Asia/Phnom_Penh                  Asia/Pontianak                   
Asia/Pyongyang                   Asia/Qatar                       Asia/Qostanay                    Asia/Qyzylorda                   Asia/Rangoon                     Asia/Riyadh                      
Asia/Saigon                      Asia/Sakhalin                    Asia/Samarkand                   Asia/Seoul                       Asia/Shanghai                    Asia/Singapore                   
Asia/Srednekolymsk               Asia/Taipei                      Asia/Tashkent                    Asia/Tbilisi                     Asia/Tehran                      Asia/Tel_Aviv                    
Asia/Thimbu                      Asia/Thimphu                     Asia/Tokyo                       Asia/Tomsk                       Asia/Ujung_Pandang               Asia/Ulaanbaatar                 
Asia/Ulan_Bator                  Asia/Urumqi                      Asia/Ust-Nera                    Asia/Vientiane                   Asia/Vladivostok                 Asia/Yakutsk                     
Asia/Yangon                      Asia/Yekaterinburg               Asia/Yerevan                     Atlantic/Azores                  Atlantic/Bermuda                 Atlantic/Canary                  
Atlantic/Cape_Verde              Atlantic/Faeroe                  Atlantic/Faroe                   Atlantic/Jan_Mayen               Atlantic/Madeira                 Atlantic/Reykjavik               
Atlantic/South_Georgia           Atlantic/St_Helena               Atlantic/Stanley                 Australia/ACT                    Australia/Adelaide               Australia/Brisbane               
Australia/Broken_Hill            Australia/Canberra               Australia/Currie                 Australia/Darwin                 Australia/Eucla                  Australia/Hobart                 
Australia/LHI                    Australia/Lindeman               Australia/Lord_Howe              Australia/Melbourne              Australia/NSW                    Australia/North                  
Australia/Perth                  Australia/Queensland             Australia/South                  Australia/Sydney                 Australia/Tasmania               Australia/Victoria               
Australia/West                   Australia/Yancowinna             Brazil/Acre                      Brazil/DeNoronha                 Brazil/East                      Brazil/West                      
Canada/Atlantic                  Canada/Central                   Canada/Eastern                   Canada/Mountain                  Canada/Newfoundland              Canada/Pacific                   
Canada/Saskatchewan              Canada/Yukon                     Chile/Continental                Chile/EasterIsland               Etc/GMT                          Etc/GMT+0                        
Etc/GMT+1                        Etc/GMT+10                       Etc/GMT+11                       Etc/GMT+12                       Etc/GMT+2                        Etc/GMT+3                        
Etc/GMT+4                        Etc/GMT+5                        Etc/GMT+6                        Etc/GMT+7                        Etc/GMT+8                        Etc/GMT+9                        
Etc/GMT-0                        Etc/GMT-1                        Etc/GMT-10                       Etc/GMT-11                       Etc/GMT-12                       Etc/GMT-13                       
Etc/GMT-14                       Etc/GMT-2                        Etc/GMT-3                        Etc/GMT-4                        Etc/GMT-5                        Etc/GMT-6                        
Etc/GMT-7                        Etc/GMT-8                        Etc/GMT-9                        Etc/GMT0                         Etc/Greenwich                    Etc/UCT                          
Etc/UTC                          Etc/Universal                    Etc/Zulu                         Europe/Amsterdam                 Europe/Andorra                   Europe/Astrakhan                 
Europe/Athens                    Europe/Belfast                   Europe/Belgrade                  Europe/Berlin                    Europe/Bratislava                Europe/Brussels                  
Europe/Bucharest                 Europe/Budapest                  Europe/Busingen                  Europe/Chisinau                  Europe/Copenhagen                Europe/Dublin                    
Europe/Gibraltar                 Europe/Guernsey                  Europe/Helsinki                  Europe/Isle_of_Man               Europe/Istanbul                  Europe/Jersey                    
Europe/Kaliningrad               Europe/Kiev                      Europe/Kirov                     Europe/Lisbon                    Europe/Ljubljana                 Europe/London                    
Europe/Luxembourg                Europe/Madrid                    Europe/Malta                     Europe/Mariehamn                 Europe/Minsk                     Europe/Monaco                    
Europe/Moscow                    Europe/Nicosia                   Europe/Oslo                      Europe/Paris                     Europe/Podgorica                 Europe/Prague                    
Europe/Riga                      Europe/Rome                      Europe/Samara                    Europe/San_Marino                Europe/Sarajevo                  Europe/Saratov                   
Europe/Simferopol                Europe/Skopje                    Europe/Sofia                     Europe/Stockholm                 Europe/Tallinn                   Europe/Tirane                    
Europe/Tiraspol                  Europe/Ulyanovsk                 Europe/Uzhgorod                  Europe/Vaduz                     Europe/Vatican                   Europe/Vienna                    
Europe/Vilnius                   Europe/Volgograd                 Europe/Warsaw                    Europe/Zagreb                    Europe/Zaporozhye                Europe/Zurich                    
Indian/Antananarivo              Indian/Chagos                    Indian/Christmas                 Indian/Cocos                     Indian/Comoro                    Indian/Kerguelen                 
Indian/Mahe                      Indian/Maldives                  Indian/Mauritius                 Indian/Mayotte                   Indian/Reunion                   Mexico/BajaNorte                 
Mexico/BajaSur                   Mexico/General                   Pacific/Apia                     Pacific/Auckland                 Pacific/Bougainville             Pacific/Chatham                  
Pacific/Chuuk                    Pacific/Easter                   Pacific/Efate                    Pacific/Enderbury                Pacific/Fakaofo                  Pacific/Fiji                     
Pacific/Funafuti                 Pacific/Galapagos                Pacific/Gambier                  Pacific/Guadalcanal              Pacific/Guam                     Pacific/Honolulu                 
Pacific/Johnston                 Pacific/Kiritimati               Pacific/Kosrae                   Pacific/Kwajalein                Pacific/Majuro                   Pacific/Marquesas                
Pacific/Midway                   Pacific/Nauru                    Pacific/Niue                     Pacific/Norfolk                  Pacific/Noumea                   Pacific/Pago_Pago                
Pacific/Palau                    Pacific/Pitcairn                 Pacific/Pohnpei                  Pacific/Ponape                   Pacific/Port_Moresby             Pacific/Rarotonga                
Pacific/Saipan                   Pacific/Samoa                    Pacific/Tahiti                   Pacific/Tarawa                   Pacific/Tongatapu                Pacific/Truk                     
Pacific/Wake                     Pacific/Wallis                   Pacific/Yap                      SystemV/AST4                     SystemV/AST4ADT                  SystemV/CST6                     
SystemV/CST6CDT                  SystemV/EST5                     SystemV/EST5EDT                  SystemV/HST10                    SystemV/MST7                     SystemV/MST7MDT                  
SystemV/PST8                     SystemV/PST8PDT                  SystemV/YST9                     SystemV/YST9YDT                  US/Alaska                        US/Aleutian                      
US/Arizona                       US/Central                       US/East-Indiana                  US/Eastern                       US/Hawaii                        US/Indiana-Starke                
US/Michigan                      US/Mountain                      US/Pacific                       US/Pacific-New                   US/Samoa
timezone {US/Eastern | US/Central | US/Mountain

Show the current timezone; example:

set timezone US/Pacific

TIP:

set timezone <tab> shows options.
uptime

Show how long the system has been running.

uuid

Show the system UUID (universally unique ID).

version

Show Juniper ATP Appliance software and content security versions:

Example

The following example displays information about the CoreCM server device type:

CoreCM(server)# show devicetype
Device type: cm, core

The following example requests data about the alternate-exhaust interface (eth2):

CoreCM(server)# show interface alternate-exhaust

The following example shows details about the Collector’s monitoring interface (eth1):

CoreCM(server)# show interface monitoring
Interface: monitoring (eth1) Enabled: Yes Link: Yes
IP Address: unknown Mask: unknown MTU: 1500
MAC Address: 90:d6:1f:22:70:g6 Speed: 1000Mb/s Duplex:
Full
Auto-negotiation: Yes Medium: Copper
RX packets: 1869032424 Bytes: 1716560257902 Errors: 0
Overruns: 0
TX packets: 409287 Bytes: 44607401 Errors: 0 Overruns: 0
Traffic rate for the last 5 seconds/1 minute/5 minutes
RX bits/sec: 108616/160176/442736
RX packets/sec: 44/46/91
TX bits/sec: 0/112/128
TX packets/sec: 0/0/0
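
On a Collector, receive errors or overruns on the monitoring interface mean traffic never reached the detection engine, so these counters are worth checking automatically. The following parser is an added example, not part of the Juniper documentation or software; the function names and the alerting conditions in `findings` are assumptions, and the sample is the output shown above.

```python
import re

# Output copied from the "show interface monitoring" example above,
# including the wrapped "Duplex:" and "Overruns:" lines.
SAMPLE = """\
Interface: monitoring (eth1) Enabled: Yes Link: Yes
IP Address: unknown Mask: unknown MTU: 1500
MAC Address: 90:d6:1f:22:70:g6 Speed: 1000Mb/s Duplex:
Full
Auto-negotiation: Yes Medium: Copper
RX packets: 1869032424 Bytes: 1716560257902 Errors: 0
Overruns: 0
TX packets: 409287 Bytes: 44607401 Errors: 0 Overruns: 0
Traffic rate for the last 5 seconds/1 minute/5 minutes
RX bits/sec: 108616/160176/442736
RX packets/sec: 44/46/91
TX bits/sec: 0/112/128
TX packets/sec: 0/0/0
"""

def parse_interface(text):
    """Turn 'show interface' output into a dict of typed fields."""
    flat = " ".join(text.split())  # undo line wraps before matching
    head = re.search(r"Interface: (\S+) \((\S+)\) Enabled: (\w+) Link: (\w+)", flat)
    if head is None:
        raise ValueError("not 'show interface' output")
    info = {"role": head[1], "port": head[2],
            "enabled": head[3] == "Yes", "link": head[4] == "Yes"}
    for d in ("RX", "TX"):
        c = re.search(rf"{d} packets: (\d+) Bytes: (\d+) Errors: (\d+) Overruns: (\d+)", flat)
        if c is None:
            raise ValueError(f"missing {d} counters")
        info[d.lower()] = dict(zip(("packets", "bytes", "errors", "overruns"),
                                   map(int, c.groups())))
        r = re.search(rf"{d} packets/sec: (\d+)/(\d+)/(\d+)", flat)
        # Rates are reported for the last 5 seconds / 1 minute / 5 minutes.
        info[d.lower() + "_pps"] = tuple(map(int, r.groups())) if r else None
    return info

def findings(info):
    """Conditions that mean the sensor is missing traffic (assumed policy)."""
    out = []
    if not info["enabled"]:
        out.append("interface disabled")
    if not info["link"]:
        out.append("no link")
    rx = info["rx"]
    if rx["errors"] or rx["overruns"]:
        out.append(f"RX errors={rx['errors']} overruns={rx['overruns']}")
    if info["link"] and info["rx_pps"] and info["rx_pps"][1] == 0:
        out.append("no packets received in the last minute")
    return out

if __name__ == "__main__":
    print(findings(parse_interface(SAMPLE)) or "monitoring interface healthy")
```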

shutdown

Table 25: shutdown

Description

Shuts down the Juniper ATP Appliance server.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

shutdown

Parameters

None

Example

The following example performs a shutdown of the current device.

JATP# shutdown

traceroute

Table 26: traceroute

Description

Displays the route that packets take to a host name or an IP address.

Product(s) CLI

All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

Mode(s)

Server

Syntax

traceroute

Parameters

-h unsigned integer

Specifies the number of hops

string

Names the remote system to be traced.

Example

The following example performs a traceroute of the named device.

JATP# traceroute -h 2 MacMininOSX-Engine

upgrade

Table 27: upgrade

Description

Upgrade Juniper ATP Appliance software for the Core/CM device or vCore, and all connected physical or virtual devices.

Product(s) CLI

All-in-One | Core CM

Mode(s)

cm

Syntax

upgrade <URI as user@hostname:path>

Parameters

<String_URI>

Specifies the software packages to copy from a remote location for upgrading via the Core.

Example

The following example copies Juniper ATP Appliance software to the Core from a remote location defined by the path provided.

CoreCM(cm)# upgrade admin@remoteHost.edu:some/remote/directory

updateimage

Table 28: updateimage

Description

Update or correct the guest-image OS profile used by the detection and analysis behavioral engine.

The updateimage command will update the guest images from a USB drive attached to the Juniper ATP Appliance.

Product(s) CLI

All-in-One | Core-CM | Mac Mini OS X Detection Engine

Mode(s)

Core

Syntax

updateimage

Parameters

built-in

Updates the guest-image on the detection Engine.

Example

The following example performs a built-in profile update for the Core detection engine.

JATP (core)# updateimage built-in
Installing image SC-XP-20140617.img...
Previous version of SC-XP-20140617.img exists.
Checking integrity...
Image SC-XP-20140617.img is already installed
Installing image SC-W7-20140521.img...
Previous version of SC-W7-20140521.img exists.
Checking integrity...
Image SC-W7-20140521.img is already installed

wizard

Table 29: wizard

Description

Enters the Configuration Wizard. For the wizard's command prompts and recommended responses, see “Configuration Wizard for the CoreCM Server” in the next section.

Product(s) CLI

All-in-One | Core/CM | Collector | Mac Mini Mac OS X

Mode(s)

Basic

Syntax

wizard

Parameters

None

Example

The following command starts the configuration wizard.

hostname # wizard

Configuration Wizard for the CoreCM Server

Note:

Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the configuration, you will be prompted again whether to run the Configuration Wizard.

You may also rerun the Configuration Wizard at any time with the CLI command wizard.

Configuration Wizard Prompts

Customer Response Actions

Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?

Note:

Only if your DHCP response is no, enter the following information when prompted:

  1. IP address (no CIDR format)

  2. Netmask

  3. Enter a gateway IP address for this management (administrative) interface:

  4. Enter primary DNS server IP address.

  5. Do you have a secondary DNS Server (Yes/No).

  6. Do you want to enter the search domains?

  7. Enter the search domain (separate multiple search domains by space):

Restart the administrative interface (Yes/No)

We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.

Recommended: Respond with no:

  1. Enter an IP address

  2. Enter a netmask using the form 255.255.255.0.

  3. Enter a gateway IP address.

  4. Enter the DNS server IP address

  5. If yes, enter the IP address of the secondary DNS server.

  6. Enter yes if you want DNS lookups to use a specific domain.

  7. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com

Enter yes to restart with the new configuration settings applied.

Enter a valid hostname.

Type a hostname when prompted; do not include the domain; for example: juniperatp1

Note:

Only alphanumeric characters and hyphens (in the middle of the hostname) are allowed.

[OPTIONAL]

If the system detects a Secondary Core with an eth3 port, then the alternate CnC exhaust option is displayed:

Use alternate-exhaust for the analysis engine exhaust traffic (Yes/No)?

Enter IP address for the alternate-exhaust (eth2) interface:

Enter netmask for the alternate-exhaust (eth2) interface: (example: 255.255.0.0)

Enter gateway IP Address for the alternate-exhaust (eth2) interface: (example: 10.6.0.1)

Enter primary DNS server IP Address for the alternate-exhaust (eth2) interface: (example: 8.8.8.8)

Do you have a secondary DNS server for the alternate-exhaust (eth2) interface?

Do you want to enter the search domains for the alternate-exhaust (eth2) interface?

Note:

A complete network interface restart can take more than 60 seconds.

Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information.

Enter yes to configure an alternate eth2 interface.

Enter the IP address for the eth2 interface.

Enter the eth2 netmask.

Enter the gateway IP address.

Enter the primary DNS server IP Address for the alternate-exhaust (eth2) interface.

Enter yes or no to confirm or deny an eth2 secondary DNS server.

Enter yes or no to indicate whether you want to enter search domains.

Regenerate the SSL self-signed certificate (Yes/No)?

Enter yes to create a new SSL certificate for the Juniper ATP Appliance Server Web UI.

If you decline the self-signed certificate by entering no, be prepared to install a certificate authority (CA) certificate.

Enter the following server attributes:

Central Manager (CM) IP Address:

Device Name: (must be unique)

Device Name: (must be unique)

Device Key PassPhrase

Note:

Remember this passphrase and use it for all distributed devices.

Is this a Central Manager device?:

Enter Yes; the system will auto-set IP 127.0.0.1 as the All-in-One IP address.

Enter a connected Juniper ATP Appliance Collector Device Name; this identifies the Collector in the Web UI.

Enter a device Description

Enter a user-defined PassPhrase to be used to authenticate the Core to the Central Manager.
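
The static-addressing and hostname rules the wizard states above (a plain IP address with no CIDR suffix, a dotted netmask, a hostname of alphanumerics with hyphens only in the middle and no domain) can be checked before the answers are typed at the console. This is an added example, not Juniper code; the dictionary keys, the name `check_answers`, the sample values and the gateway-in-subnet check are assumptions introduced here.

```python
import ipaddress
import re

# One DNS label: alphanumerics, hyphens allowed only in the middle.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")

# Constructed sample answers for a static (non-DHCP) configuration.
GOOD = {"ip": "10.6.0.20", "netmask": "255.255.0.0", "gateway": "10.6.0.1",
        "dns": ["8.8.8.8"], "hostname": "juniperatp1",
        "search_domains": "example.com lan.com dom2.com"}

def _ipv4(value, field, problems):
    """Parse a plain dotted-quad address; a CIDR suffix is rejected."""
    try:
        return ipaddress.IPv4Address(value)
    except ValueError:
        problems.append(f"{field}: {value!r} is not a plain IPv4 address")
        return None

def check_answers(a):
    """Return a list of problems found in a dict of planned wizard answers."""
    problems = []
    ip = _ipv4(a["ip"], "ip", problems)
    mask = _ipv4(a["netmask"], "netmask", problems)
    gw = _ipv4(a["gateway"], "gateway", problems)
    for i, dns in enumerate(a["dns"]):
        _ipv4(dns, f"dns[{i}]", problems)
    if mask is not None:
        # A valid netmask is a run of 1 bits followed only by 0 bits.
        inverted = ~int(mask) & 0xFFFFFFFF
        if int(mask) == 0 or inverted & (inverted + 1):
            problems.append(f"netmask: {mask} is not a contiguous mask")
            mask = None
    if ip is not None and mask is not None and gw is not None:
        net = ipaddress.IPv4Interface(f"{ip}/{mask}").network
        if gw not in net:
            problems.append(f"gateway: {gw} is outside {net}")
        if net.prefixlen < 31 and ip in (net.network_address, net.broadcast_address):
            problems.append(f"ip: {ip} is the network or broadcast address")
    host = a["hostname"]
    if "." in host:
        problems.append("hostname: do not include the domain")
    elif not LABEL.fullmatch(host):
        problems.append("hostname: alphanumerics only, hyphens in the middle")
    for dom in a.get("search_domains", "").split():
        if not all(LABEL.fullmatch(part) for part in dom.split(".")):
            problems.append(f"search domain: {dom!r} is malformed")
    return problems

if __name__ == "__main__":
    print(check_answers(GOOD) or "answers are consistent")
```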