January, 2024 Release
New and Changed Features: January, 2024
- Reverse shell detections
- Removed multi-factor authentication (mfa) details in the audit logs
- DNS allowlist feeds
Reverse shell detections
You can monitor reverse shell detections on the Juniper ATP Cloud portal to identify potential data theft. The SRX Series Firewall analyzes the traffic pattern between the client and the server over a brief period to identify reverse shell sessions, and then sends the telemetry data to Juniper ATP Cloud. If you decide that a destination IP address is not malicious, you can add the IP address to the allowlist to exclude it from reverse shell detection.
[See Reverse Shell Overview.]
Removed multi-factor authentication (mfa) details in the audit logs
The mfa details indicated mfa support for the API token that was used, not for the login. To avoid confusion, we have removed the mfa details from new audit logs. However, you can still view the mfa details in existing audit logs.
[See Viewing Audit Logs.]
DNS allowlist feeds
We have added the following feeds for the DNS allowlists in the cloud feeds manifest file:
- dns_whitelist_domain - This feed is obtained from the Juniper ATP Cloud portal. To configure the feeds, navigate to Configure > Allowlists > DNS tab.
- whitelist_dns - This is a Juniper internal feed and there is no configuration required for this feed.
- whitelist_dns_umbrella - This is a Juniper internal feed and there is no configuration required for this feed.
[See Allowlist and Blocklist Overview and Create Allowlists and Blocklists.]