security-metadata-streaming
Syntax
security-metadata-streaming { dns-cache { custom-list [benign <domin-name> | c2 <domain-name>]; } policy policy-name { dns { cache { ttl { benign value; c2 value; } } detections { all { action [deny | permit | sinkhole]; notification [log |log-detections]; fallback-options { notification { log; } } } dga { action [deny | permit | sinkhole]; verdict-timeout value; notification [log | log-detections]; fallback-options { notification { log; } } } tunneling { action [deny | permit | sinkhole]; notification [log | log-detections]; inspection-depth value; fallback-options { notification { log; } } } } dynamic-filter; http { action permit; notification { log; } } }
Hierarchy Level
[edit services]
Description
Configure security metadata streaming policy on SRX Series devices to send the metadata and connection patterns of a network traffic to Juniper Networks ATP Cloud for encrypted traffic insights. After configuring the security metadata streaming policy, attach it to the security policy at zone-level.
set security policies from-zone from-zone to-zone
to-zone application-services
security-metadata-streaming-policy dns-policy
Options
dns-cache | Configure a list of static benign and command-and-control (C2) domains in
the Domain Name System (DNS) cache to take immediate action on configured
domains. Only wildcard domains are allowed. The domain format must be
*.domain_name.domain_ending . The entries configured in
DNS Cache via CLI will remain in the DNS Cache until that configuration is
deleted from the device. You can configure a maximum of 500 domains each in
benign list and c2 list. |
|
policy policy-name | Configure the security-metadata-streaming policy. |
dns | Configure DNS options. |
cache | Store DNS in cache till time-to-live (TTL). The TTL provided by SRX Series
device overrides Juniper ATP Cloud provided TTL. Note:
You must configure at least one DNS detection method to configure DNS cache.
|
detections | Configure the detection type for DNS requests. The available options are
all, dga, and tunneling. You can configure any of the following
detections.
Note:
Each detection method has a fallback option which is used in case nothing is detected within a certain number of packets (in case of tunneling) or within a certain time period (in case of DGA). |
all | Configure all detections.
|
dga | Configure to detect DGA-based attacks on DNS packets.
|
tunneling | Configure to detect DNS tunneling.
|
dynamic-filter | Configure dynamic filtering options for security metadata streaming policy on SRX Series devices. |
http | Configure HTTP options.
|
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 20.2R1 on SRX Series services gateways with Juniper Advanced Threat Prevention Cloud (Juniper ATP Cloud).