Threat Sources Overview

Access this page from the Monitor menu.

The Threat Sources page lists information about servers that have attempted to contact and compromise hosts on your network. A threat source is a command and control (C&C) server: a centralized computer that issues commands to a botnet (a network of compromised computers) and receives reports back from it.

Benefits

Use Command and Control (C&C) feeds to:

  • Add another layer of protection to your network by preventing botnets from being created from within it. Botnets gather sensitive information, such as account numbers or credit card numbers, and participate in distributed denial-of-service (DDoS) attacks.

  • Prevent botnets from communicating with your network hosts to gather information or launch an attack.

You can allowlist threat sources from the details page. See Threat Source Details.

Note:
  • C&C, GeoIP filtering, and Domain Name System (DNS) feeds are only available with a Juniper ATP Cloud license. For feature-specific licensing information, see Software Licenses for ATP Cloud.

  • At this time, C&C URL feeds are not supported with SSL forward proxy.

  • The retention period for threat sources is 60 days.

The following information is available on this page.

Table 1: Threat Source Data Fields

  • External Server: The IP address or hostname of the suspected threat source.

  • Blocked Via: The name of the custom feed that blocked the communication.

  • Highest Threat Level: The threat level of the threat source, as determined by an analysis of its actions and behaviors.

  • Count: The number of times hosts on the network have attempted to contact the threat server.

  • Country: The country where the threat source is located.

  • Last Seen: The date and time of the most recent threat source hit.

  • Action: The action taken on the communication, for example permitted, sinkhole, or blocked.

  • Category: The DNS feed category. The available options are custom, global, and allowlist.

  • DNS Record Type: The query type of the DNS request. The supported DNS query types include A, AAAA, MX, CNAME, SRV, SRV NoErr, TXT, and ANY.
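The fields in Table 1 are per-server summaries of many individual C&C hits: Count, Highest Threat Level, and Last Seen each collapse a series of events into one row, the allowlist removes servers you have vetted, and the 60-day retention period bounds what is shown. The following Python is an added example written for this page, not Juniper code and not the format the product exports; the per-hit record layout, the sample values, and the rules for deriving each column (maximum for the threat level, number of hits for the count, newest hit for Last Seen) are assumptions drawn from the field definitions above.

```python
"""Aggregate raw C&C hit events into a Threat Sources style summary.

Added example, not Juniper code. The hit record layout, the numeric
threat level scale, and the derivation of each summary column are
assumptions based on the Table 1 field definitions.
"""
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 60  # retention period for threat sources stated on the page

# Constructed sample hits. IPs come from RFC 5737 documentation ranges and
# the feed names are invented; none of this is real telemetry.
SAMPLE_HITS = [
    {"server": "203.0.113.10", "feed": "custom-cc-1", "level": 7, "country": "NL",
     "seen": "2024-05-01T10:15:00Z", "action": "blocked", "category": "custom", "rtype": "A"},
    {"server": "203.0.113.10", "feed": "custom-cc-1", "level": 9, "country": "NL",
     "seen": "2024-05-03T08:00:00Z", "action": "blocked", "category": "custom", "rtype": "AAAA"},
    {"server": "bad.example.net", "feed": "global-dns", "level": 5, "country": "US",
     "seen": "2024-04-20T12:00:00Z", "action": "sinkhole", "category": "global", "rtype": "MX"},
    # Older than 60 days relative to NOW, so it must drop out of the summary.
    {"server": "198.51.100.7", "feed": "custom-cc-2", "level": 6, "country": "DE",
     "seen": "2024-01-15T09:30:00Z", "action": "permitted", "category": "custom", "rtype": "TXT"},
]

# Fixed "current time" so the retention check is deterministic when run offline.
NOW = datetime(2024, 5, 4, tzinfo=timezone.utc)


def parse_seen(value: str) -> datetime:
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def within_retention(hit: dict, now: datetime = NOW, days: int = RETENTION_DAYS) -> bool:
    """True if the hit is no older than the retention window ending at `now`."""
    return parse_seen(hit["seen"]) >= now - timedelta(days=days)


def aggregate_threat_sources(hits, now: datetime = NOW, allowlist=frozenset()) -> dict:
    """Return {external_server: summary} with one entry per server, Table 1 columns as keys.

    Allowlisted servers are skipped entirely (assumption: an allowlisted source
    should not appear as a threat), as are hits outside the retention window.
    """
    summary = {}
    for hit in hits:
        if hit["server"] in allowlist or not within_retention(hit, now):
            continue
        seen = parse_seen(hit["seen"])
        entry = summary.setdefault(hit["server"], {
            "external_server": hit["server"],
            "blocked_via": set(),          # feed names that matched this server
            "highest_threat_level": 0,     # max over all hits (assumed scale: higher is worse)
            "count": 0,                    # number of contact attempts
            "country": hit["country"],
            "last_seen": seen,             # newest hit timestamp
            "actions": set(),              # permitted / sinkhole / blocked seen for this server
            "categories": set(),           # DNS feed categories involved
            "dns_record_types": set(),     # query types observed
        })
        entry["blocked_via"].add(hit["feed"])
        entry["highest_threat_level"] = max(entry["highest_threat_level"], hit["level"])
        entry["count"] += 1
        entry["last_seen"] = max(entry["last_seen"], seen)
        entry["actions"].add(hit["action"])
        entry["categories"].add(hit["category"])
        entry["dns_record_types"].add(hit["rtype"])
    return summary


def render(summary: dict) -> str:
    """Render the summary as a plain-text table, highest threat level first."""
    rows = sorted(summary.values(), key=lambda e: (-e["highest_threat_level"], e["external_server"]))
    lines = ["External Server      Level  Count  Country  Last Seen             Action(s)"]
    for e in rows:
        lines.append(f"{e['external_server']:<20} {e['highest_threat_level']:>5}  {e['count']:>5}  "
                     f"{e['country']:<7}  {e['last_seen']:%Y-%m-%d %H:%M:%S}   {','.join(sorted(e['actions']))}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(aggregate_threat_sources(SAMPLE_HITS)))
    print()
    print(render(aggregate_threat_sources(SAMPLE_HITS, allowlist={"bad.example.net"})))
```

Running the block prints two tables: the first shows two rows (203.0.113.10 with level 9 and count 2, bad.example.net with level 5), with 198.51.100.7 absent because its only hit is older than 60 days; the second drops bad.example.net after it is allowlisted. When reproducing this against real data, keep the retention check and the allowlist as separate steps, since an allowlist decision is a policy choice you will want to audit, while retention expiry is not.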