Threat Profiling Support in Security Policy

Support for Threat Feeds in Security Policies

SRX Series devices can generate, propagate, and consume threat feeds based on their own advanced detection and policy-match events.

The Juniper ATP Cloud service consolidates the feeds generated by SRX Series devices and shares the duplicated results back to the security device. The security device then uses the feeds to perform actions against the designated traffic. To enable the security device to use the feeds, configure security policies with the feeds as a match criterion. When traffic matches the policy conditions, the device applies the policy actions.

SRX Series devices support the following types of threat feeds in security policies:

  • source and destination addresses
  • user source identity (user name)

Workflow for using threat feeds in security policies:

  1. In a security policy, you can add the source address, destination address, or source identity (user name) as a feed for the policy action (deny, reject, and permit rules).
  2. The policy module adds the username or the traffic's IP address to the feed.
  3. Once the feed is created, Juniper ATP Cloud consolidates the feeds from all SRX Series devices in your enterprise and sends the result to the SRX Series devices.
  4. When you create another security policy, you can add the feed as match criteria.
  4. When you create another security policy, you can add the feed as match criteria.
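
The workflow above as a Junos configuration sketch. This is an added example, not taken from the original page or from Juniper's documentation. The zone names, policy names, and feed names (`risky-hosts`, `risky-users`) are hypothetical, and the statement names are given as recalled from recent Junos OS releases, so confirm them with CLI completion on your release before committing.

```junos
# Steps 1-2 (producer, IP feed): sessions that match this policy are permitted,
# and their source IP address is added to the hypothetical feed "risky-hosts".
set security policies from-zone trust to-zone untrust policy tag-telnet-hosts match source-address any
set security policies from-zone trust to-zone untrust policy tag-telnet-hosts match destination-address any
set security policies from-zone trust to-zone untrust policy tag-telnet-hosts match application junos-telnet
set security policies from-zone trust to-zone untrust policy tag-telnet-hosts then permit application-services security-intelligence add-source-ip-to-feed risky-hosts

# Steps 1-2 (producer, identity feed): same idea, but the authenticated user name
# of the session is added to the hypothetical feed "risky-users".
set security policies from-zone trust to-zone untrust policy tag-telnet-users match source-address any
set security policies from-zone trust to-zone untrust policy tag-telnet-users match destination-address any
set security policies from-zone trust to-zone untrust policy tag-telnet-users match application junos-telnet
set security policies from-zone trust to-zone untrust policy tag-telnet-users then permit application-services security-intelligence add-source-identity-to-feed risky-users

# Step 3 needs no policy configuration: Juniper ATP Cloud consolidates the feeds
# and returns the result to the enrolled devices.

# Step 4 (consumer, IP feed): reference the returned feed as the source-address
# match and deny traffic from listed hosts toward a sensitive zone.
set security policies from-zone trust to-zone datacenter policy block-risky-hosts match source-address risky-hosts
set security policies from-zone trust to-zone datacenter policy block-risky-hosts match destination-address any
set security policies from-zone trust to-zone datacenter policy block-risky-hosts match application any
set security policies from-zone trust to-zone datacenter policy block-risky-hosts then deny
set security policies from-zone trust to-zone datacenter policy block-risky-hosts then log session-init

# Step 4 (consumer, identity feed): match on the user feed instead of an address.
set security policies from-zone trust to-zone datacenter policy block-risky-users match source-address any
set security policies from-zone trust to-zone datacenter policy block-risky-users match destination-address any
set security policies from-zone trust to-zone datacenter policy block-risky-users match application any
set security policies from-zone trust to-zone datacenter policy block-risky-users match source-identity-feed risky-users
set security policies from-zone trust to-zone datacenter policy block-risky-users then deny
```

Place the consumer policies ahead of any broader permit rule in the same zone pair, since policies are evaluated in order and the first match wins.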

See Adaptive Threat Profiling Overview for more information on configuring and deploying security policies with feeds.