Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Configure a dynamic attack group. A dynamic attack group selects its members based on the filters specified in the group. Therefore, the list of attacks is updated (added or removed) when a new signature database is used.


dynamic-attack-group-name—Name of the dynamic attack group.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.3.

The expression option added in Junos OS Release 11.4.

Additional tags under filters of dynamic attack groups (CVSS score, age-of-attack, file-type, vulnerability-type) are added in Junos OS Release 18.2R1 for dynamic attacks grouping of IDP signatures. The Product and Vendor tags are already supported under existing filter products. The CLI interface for configuring these tags is now more user friendly with possible completions being available for configuration in 18.2R1.

The Excluded and no-excluded filters are added in Junos OS Release 19.1R1.