Configure Threat Intelligence Sharing
Juniper ATP Cloud can use the TAXII service to contribute to STIX reports by sharing the threat intelligence it gathers from file scanning. Juniper ATP Cloud also uses threat information from STIX reports as well as other sources for threat prevention. See HTTP File Download Details for more information about STIX reports.
Structured Threat Information eXpression (STIX) is a language for reporting and sharing threat information. STIX content is exchanged using Trusted Automated eXchange of Indicator Information (TAXII), the protocol for communicating threat information between parties over HTTPS.
STIX and TAXII are open, community-driven standards that support the automated exchange of threat information in standardized formats.
TAXII is disabled by default. If you enable TAXII, you can limit who has access to your shared threat information by creating an application token. For more information, see Create Application Tokens.
To enable and configure threat intelligence sharing:
Table 1 outlines the URLs and services for TAXII 1.0.
| TAXII URLs and Services | Description |
|---|---|
| Discovery URL | Used by the TAXII 1.0 client to discover available TAXII Services. Use command<br>Juniper ATP Cloud Discovery URLs are:<br>US Region: https://taxii.sky.junipersecurity.net/services/discovery<br>EU Region: https://taxii-eu.sky.junipersecurity.net/services/discovery<br>APAC Region: https://taxii-apac.sky.junipersecurity.net/services/discovery<br>Canada: https://taxii-canada.sky.junipersecurity.net/services/discovery |
| The two following services are supported by Juniper ATP Cloud on the TAXII 1.0 server: | |
| Collection Management | Used by the TAXII 1.0 client to request information about available data collections.<br>Juniper ATP Cloud Collection Management URLs are:<br>US Region: https://taxii.sky.junipersecurity.net/services/collection-management<br>EU Region: https://taxii-eu.sky.junipersecurity.net/services/collection-management<br>APAC Region: https://taxii-apac.sky.junipersecurity.net/services/collection-management<br>Canada: https://taxii-canada.sky.junipersecurity.net/services/collection-management |
| Poll URL | Used by the TAXII 1.0 client to poll for STIX files - looking for malware that has been identified on the network.<br>Juniper ATP Cloud Polling URLs are:<br>US Region: https://taxii.sky.junipersecurity.net/services/poll<br>EU Region: https://taxii-eu.sky.junipersecurity.net/services/poll<br>APAC Region: https://taxii-apac.sky.junipersecurity.net/services/poll<br>Canada: https://taxii-canada.sky.junipersecurity.net/services/poll |
Table 2 outlines the URLs and services for TAXII 2.1.
| TAXII URLs and Services | Description |
|---|---|
| Discovery URL | Used by the TAXII 2.1 client to discover available TAXII Services. For more information, see TAXII documentation.<br>Juniper ATP Cloud Discovery URLs are:<br>US Region: https://taxii.sky.junipersecurity.net/taxii2/<br>EU Region: https://taxii-eu.sky.junipersecurity.net/taxii2/<br>APAC Region: https://taxii-apac.sky.junipersecurity.net/taxii2/<br>Canada: https://taxii-canada.sky.junipersecurity.net/taxii2/ |
| The three following services are supported by Juniper ATP Cloud on the TAXII 2.1 server: | |
| API Root | Used by the TAXII 2.1 clients to access the API root metadata.<br>Juniper ATP Cloud API Root URLs are:<br>US Region: https://taxii.sky.junipersecurity.net/taxii2/api1/<br>EU Region: https://taxii-eu.sky.junipersecurity.net/taxii2/api1/<br>APAC Region: https://taxii-apac.sky.junipersecurity.net/taxii2/api1/<br>Canada: https://taxii-canada.sky.junipersecurity.net/taxii2/api1/ |
| Collections | Used by the TAXII 2.1 client to list available collections.<br>Juniper ATP Cloud Collection URLs are:<br>US Region: https://taxii.sky.junipersecurity.net/taxii2/api1/collections/<br>EU Region: https://taxii-eu.sky.junipersecurity.net/taxii2/api1/collections/<br>APAC Region: https://taxii-apac.sky.junipersecurity.net/taxii2/api1/collections/<br>Canada: https://taxii-canada.sky.junipersecurity.net/taxii2/api1/collections/ |
| Collection Detail | Used by the TAXII 2.1 client to retrieve metadata for the collection skyatp_recent_data_v21.<br>Juniper ATP Cloud Collection Detail URLs are:<br>US Region: https://taxii.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/<br>EU Region: https://taxii-eu.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/<br>APAC Region: https://taxii-apac.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/<br>Canada: https://taxii-canada.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/ |
| Objects | Used by the TAXII 2.1 client to retrieve STIX objects from collection skyatp_recent_data_v21.<br>Juniper ATP Cloud Objects URLs are:<br>US Region: https://taxii.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/objects/<br>EU Region: https://taxii-eu.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/objects/<br>APAC Region: https://taxii-apac.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/objects/<br>Canada: https://taxii-canada.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/objects/ |
| Manifest URL | Used by the TAXII 2.1 clients to retrieve manifest entries for collection skyatp_recent_data_v21.<br>Juniper ATP Cloud Manifest URLs are:<br>US Region: https://taxii.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/manifest/<br>EU Region: https://taxii-eu.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/manifest/<br>APAC Region: https://taxii-apac.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/manifest/<br>Canada: https://taxii-canada.sky.junipersecurity.net/taxii2/api1/collections/skyatp_recent_data_v21/manifest/ |
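
The following added example (not Juniper code) shows how a TAXII 2.1 client can build the regional Objects URL from Table 2 and follow the `more`/`next` envelope pagination defined by the TAXII 2.1 specification to collect STIX indicators. Assumptions: the function names, the constructed sample envelopes, and the `auth_headers` argument are illustrative; this page does not state how the application token is presented, so the caller supplies the authentication headers.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Regional hosts and collection id as listed in Table 2 of this page.
HOSTS = {"US": "taxii.sky.junipersecurity.net",
         "EU": "taxii-eu.sky.junipersecurity.net",
         "APAC": "taxii-apac.sky.junipersecurity.net",
         "Canada": "taxii-canada.sky.junipersecurity.net"}
COLLECTION = "skyatp_recent_data_v21"
TAXII21 = "application/taxii+json;version=2.1"  # media type from the TAXII 2.1 spec

def objects_url(region, **params):
    """Objects URL for a region, plus optional TAXII 2.1 query parameters."""
    base = f"https://{HOSTS[region]}/taxii2/api1/collections/{COLLECTION}/objects/"
    return base + ("?" + urlencode(params) if params else "")

def http_fetch(url, auth_headers):
    """Live HTTPS GET. auth_headers comes from the caller (assumption: this
    page does not state how the application token is presented)."""
    req = Request(url, headers={"Accept": TAXII21, **auth_headers})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)

def poll_indicators(region, fetch, added_after=None, limit=100):
    """Walk envelope pagination (more/next) and return de-duplicated indicators."""
    params = {"limit": limit}
    if added_after:
        params["added_after"] = added_after
    found, seen = [], set()
    while True:
        env = fetch(objects_url(region, **params))
        for obj in env.get("objects", []):
            if obj.get("type") == "indicator" and obj.get("id") not in seen:
                seen.add(obj["id"])
                found.append(obj)
        nxt = env.get("next")
        if not env.get("more") or not nxt or nxt == params.get("next"):
            return found  # last page, or the server repeated the cursor
        params["next"] = nxt

# Constructed two-page response (not real ATP Cloud data) for offline runs.
SAMPLE = {None: {"more": True, "next": "p2", "objects": [
              {"type": "indicator", "id": "indicator--a"},
              {"type": "malware", "id": "malware--b"}]},
          "p2": {"more": False, "objects": [
              {"type": "indicator", "id": "indicator--a"},
              {"type": "indicator", "id": "indicator--c"}]}}

def sample_fetch(url):
    """Stand-in for http_fetch that serves SAMPLE pages by the 'next' cursor."""
    cursor = url.split("next=")[1].split("&")[0] if "next=" in url else None
    return SAMPLE[cursor]
```

For a live poll, pass `lambda url: http_fetch(url, headers)` as `fetch`, and store the timestamp of each successful run to use as `added_after` on the next one so that only new objects are retrieved.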