January, 2024 Release

New and Changed Features: January, 2024

Reverse shell detections

You can monitor reverse shell detections on the Juniper ATP Cloud portal to identify potential data theft. The SRX Series Firewall analyzes the traffic pattern between the client and the server over a brief period to identify reverse shell sessions, and then sends the telemetry data to Juniper ATP Cloud. If you decide that a destination IP address is not malicious, you can add the IP address to the allowlist to exclude it from reverse shell detection.

[See Reverse Shell Overview.]

Removed multi-factor authentication (MFA) details in the audit logs

The MFA details indicated MFA support for the API token that was used, not for the login. To avoid confusion, we have removed the MFA details from new audit logs. However, you can still view the MFA details in existing audit logs.

[See Viewing Audit Logs.]

DNS allowlist feeds

We have added the following feeds for the DNS allowlists in the cloud feeds manifest file:

  • dns_whitelist_domain - This feed is obtained from the Juniper ATP Cloud portal. To configure the feed, navigate to the Configure > Allowlists > DNS tab.

  • whitelist_dns - This is a Juniper internal feed and there is no configuration required for this feed.

  • whitelist_dns_umbrella - This is a Juniper internal feed and there is no configuration required for this feed.

[See Allowlist and Blocklist Overview and Create Allowlists and Blocklists.]