Monitor ATP
Use the monitoring functionality to view the ATP page. Analyzing the Juniper ATP logs yields information such as malware name, action taken, infected host, source of an attack, and destination of an attack.
The ATP page is available on all SRX Series devices except the SRX5000 line.
Table 1 describes the fields on the ATP page.
| Field | Description |
|---|---|
| Last | Select the time range from the list to view the activity that you are most interested in. Once the time is selected, all of the data presented in your view is refreshed automatically. You can also use Customize to set a custom date range and click Apply to view the specified ATP logs. |
| Refresh | Click the refresh icon to get the latest ATP log information. |
| Show Hide Columns | This icon is represented by three vertical dots. Enables you to show or hide a column in the grid. |
| Export to CSV | You can export the ATP log data to a comma-separated value (.csv) file. Select the three vertical dots on the right side of the page and click Export to CSV. The CSV file is downloaded to your local machine. You can download a maximum of 100 ATP log entries. |
| Filter Criteria | Use the filter text box present above the table grid. The search accepts logical operators as part of the filter string. In the filter text box, when you hover over the icon, it displays an example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid or not. The following filters are available: |
| X | Click X to clear your search filters. |
| Save Filter | Click Save Filter to save filters after you specify the filtering criteria. To save a filter: |
| Load Filter | Displays the list of saved filters. Hover over a saved filter name to view its query expression. You can delete a saved filter using the delete icon. |
| Time | Displays the time when the ATP log was received. |
| Log Type | Displays the ATP log type: Action, Malware event, SMTP action, or IMAP action. |
| Source Zone | Displays the source zone of the ATP log. |
| Source IP | Displays the source IP address from which the ATP event originated. |
| Source Port | Displays the port number of the source. |
| User | Displays the username of the user who downloaded the possible malware. |
| Destination Zone | Displays the destination zone of the ATP log. |
| Destination IP | Displays the destination IP address of the ATP event. |
| Destination Port | Displays the destination port of the ATP log. |
| Application | Displays the name of the application from which the ATP logs are generated. |
| Action | Displays the action taken for the event: log, permit, or log and permit. |
| Session ID | Displays the session ID of the ATP log. |
| Policy | Displays the name of the policy that enforced this action. |
| List Hit | Displays the number of times the C&C server has attempted to contact hosts on your network. |
| URL | Displays the accessed URL that triggered the event. |
| Sample SHA256 | Displays the SHA-256 hash value of the downloaded file. |
| File Hash Lookup | Displays the hash of the file sent for matching against known malware. |
| File Name | Displays the name of the file, including the extension. |
| Protocol | Displays the protocol that the C&C server used to attempt communication. |
| File Category | Displays the type of file. Examples: PDF, executable, document. |
| Hostname | Displays the hostname of the device that downloaded the possible malware. |
| Verdict Number | Displays the score or threat level of the file. |
| Malware Info | Displays the malware name or a brief description. |
| Send To | Displays the recipient email address. |
| Send From | Displays the sender email address. |
| Tenant ID | Displays the internal unique identifier of the tenant. |
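As an added example (not part of the Juniper documentation), the following Python script triages an ATP log CSV export of the kind produced by Export to CSV: it parses the rows, lists malware events whose Verdict Number meets a threshold, flags those the policy still permitted, and totals List Hit counts per C&C destination. The column headers are assumed to match the field names in the table above, the sample rows are constructed, and the verdict threshold of 7 is an assumption to adjust to your own policy.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an ATP CSV export. Column headers are assumed to match
# the field names of the ATP page; all values are made up for illustration.
SAMPLE_EXPORT = """\
Time,Log Type,Source IP,Destination IP,Action,Hostname,User,Verdict Number,Sample SHA256,File Name,List Hit,Protocol,Malware Info
2024-05-01T10:00:01,Malware event,10.1.1.5,203.0.113.10,log and permit,ws-17,alice,9,deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef,invoice.exe,0,HTTP,Trojan.Generic
2024-05-01T10:02:14,Malware event,10.1.1.8,203.0.113.22,log,ws-21,bob,3,cafebabecafebabecafebabecafebabecafebabecafebabecafebabecafebabe,report.pdf,0,HTTP,
2024-05-01T10:05:30,Action,10.1.1.5,198.51.100.7,permit,ws-17,alice,,,,4,TCP,
2024-05-01T10:07:45,Action,10.1.1.9,198.51.100.7,log,ws-30,carol,,,,2,TCP,
"""


def parse_atp_export(text):
    """Parse an exported ATP log CSV into a list of row dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(text)))


def _int(value):
    """Cells that are empty for a given log type (e.g. Verdict Number on an Action row) count as 0."""
    return int(value) if value and value.strip() else 0


def triage(rows, verdict_threshold=7):
    """Summarise rows for analyst follow-up. verdict_threshold is an assumed value for this example."""
    high = []                    # (hostname, file name, sha256, verdict) at or above threshold
    permitted = []               # hostnames whose high-verdict download the policy still permitted
    cnc_hits = defaultdict(int)  # C&C destination IP -> total List Hit count
    for r in rows:
        verdict = _int(r["Verdict Number"])
        if r["Log Type"] == "Malware event" and verdict >= verdict_threshold:
            high.append((r["Hostname"], r["File Name"], r["Sample SHA256"], verdict))
            if "permit" in r["Action"]:      # covers both "permit" and "log and permit"
                permitted.append(r["Hostname"])
        hits = _int(r["List Hit"])
        if hits:
            cnc_hits[r["Destination IP"]] += hits
    return {"high_verdict": high, "permitted_high": permitted, "cnc_hits": dict(cnc_hits)}


if __name__ == "__main__":
    summary = triage(parse_atp_export(SAMPLE_EXPORT))
    for host, name, sha, verdict in summary["high_verdict"]:
        print(f"{host}: {name} verdict {verdict} sha256 {sha[:12]}...")
    print("permitted high-verdict downloads:", summary["permitted_high"])
    print("C&C list hits by destination:", summary["cnc_hits"])
```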