
About the SecIntel Profiles Page

You are here: Security Services > Advanced Threat Prevention > SecIntel Profiles.

Juniper Networks Security Intelligence (SecIntel) provides carefully curated and verified threat intelligence from industry-leading threat feeds to SRX Series Firewalls. This enables blocking malicious and unwanted traffic such as Command and Control (C&C) communications, GeoIP, Attacker IPs, and more with minimum latency. SecIntel delivers real-time threat intelligence by enabling automatic and responsive traffic filtering.

Configure SecIntel profiles to work with security intelligence feeds, such as C&C, DNS, and infected hosts. The Security Intelligence process is responsible for downloading the security intelligence feeds from the feed connector or ATP Cloud feed server and parsing them. Anything that matches these scores is considered malware or an infected host.

Tasks You Can Perform

You can perform the following tasks from this page:

  • View the list of C&C, DNS, and infected hosts profiles. To do this, select All, Command & Control, DNS, or Infected Hosts from the View by list.

  • Configure DNS sinkhole. See Configure DNS Sinkhole.

  • Create a C&C profile. See Create a Command and Control Profile.

  • Edit a C&C profile. See Edit a Command and Control Profile.

  • Delete a C&C profile. See Delete a Command and Control Profile.

  • Create a DNS profile. See Create a DNS Profile.

  • Edit a DNS profile. See Edit a DNS Profile.

  • Delete a DNS profile. See Delete a DNS Profile.

  • Create an infected hosts profile. See Create an Infected Hosts Profile.

  • Edit an infected hosts profile. See Edit an Infected Hosts Profile.

  • Delete an infected hosts profile. See Delete an Infected Hosts Profile.

  • Clone a C&C, DNS, or an infected hosts profile. To do this:

    1. Select an existing C&C, DNS, or an infected hosts profile to clone from the SecIntel Profiles page.

    2. Select Clone from the More link.

      The Clone <Command & Control, DNS, or Infected Hosts> Profile page opens with editable fields.

  • Show or hide columns in the SecIntel Profiles table. To do this, use the Show Hide Columns icon in the upper-right corner of the page, and select the options you want to show or deselect the options you want to hide on the page.

  • Advanced search for SecIntel profiles. To do this, use the search text box present above the table grid. The search includes the logical operators as part of the filter string. In the search text box, when you hover over the icon, it displays an example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid or not.

    For an advanced search:

    1. Enter the search string in the text box.

      Based on your input, a list of items from the filter context menu appears.

    2. Select a value from the list and then select a valid operator to perform the advanced search operation.

      Note:

      Press Spacebar to add an AND operator or an OR operator to the search string. If you press Backspace at any point while entering search criteria, only one character is deleted.

    3. Press Enter to display the search results in the grid.

Field Descriptions

Table 1 describes the fields on the SecIntel Profiles page.

Table 1: Fields on the SecIntel Profiles Page

| Field | Description |
|---|---|
| Name | Displays the SecIntel profile name. |
| Type | Displays if the SecIntel profile is a C&C, a DNS, or an infected hosts profile. |
| Feeds | Displays the feeds that are associated with the C&C, DNS, or infected hosts profile. |
| Block Action | Displays the notification action taken with the block action. For example, Redirect URL, Redirect Message, and Sinkhole. |
| Description | Displays the description of the SecIntel profile. |