SecIntel Profiles Overview
SecIntel profiles enable you to block malicious and unwanted traffic, such as Command and Control (C&C) communications, compromised IP addresses or IP subnets, and domains connected to malicious activity.
The following SecIntel profiles are supported:
- SecIntel (C&C) Profile: Provides information on C&C servers that have attempted to contact and compromise hosts on your network. A C&C server is a centralized computer that issues commands to botnets of compromised networks of computers and receives reports back from them.
- SecIntel DNS Profile: Includes feeds and threat score to list the domains that are known to be connected to malicious activity.
- SecIntel Infected Host Profile: Includes feeds and threat score to list the IP address or IP subnet of the compromised host. Infected hosts indicate local devices that are potentially compromised because they appear to be part of a C&C network or exhibit other symptoms.
Configure SecIntel profiles to work with security intelligence feeds, such as C&C, DNS, and infected hosts. The SecIntel process downloads and parses the SecIntel feeds from the feed connector or from the ATP Cloud feed server. Traffic that matches a feed entry at the configured threat score is treated as malware or as an infected host.
To access the page, select SRX > Security Subscriptions > SecIntel > Profiles.
Field Description
Table 1 describes the fields on the SecIntel Profiles page.

Field | Description
---|---
Name | Displays the SecIntel profile name.
Type | Displays whether the SecIntel profile is a C&C, DNS, or infected hosts profile.
Block action | Displays the block action applied to traffic that matches the profile. For example, Close session, Drop packet, or Sinkhole.
Description | Displays the description of the SecIntel profile.
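The Name, Type and Block action fields above correspond to a profile under the Junos `services security-intelligence` hierarchy on the SRX. The set commands below are an added example, not taken from this page or from Juniper's documentation: the profile, rule, policy and zone names and the threat-level thresholds are assumptions, and the statement syntax should be checked against the running Junos release before use.

```junos
## C&C profile (Type: C&C): close sessions to feed entries scored 7-10 and log the hit
set services security-intelligence profile cc_profile category CC
set services security-intelligence profile cc_profile rule cc_rule match threat-level [ 7 8 9 10 ]
set services security-intelligence profile cc_profile rule cc_rule then action block close
set services security-intelligence profile cc_profile rule cc_rule then log
set services security-intelligence profile cc_profile default-rule then action permit
set services security-intelligence profile cc_profile default-rule then log

## DNS profile (Type: DNS): sinkhole resolution of domains scored 8-10
set services security-intelligence profile dns_profile category DNS
set services security-intelligence profile dns_profile rule dns_rule match threat-level [ 8 9 10 ]
set services security-intelligence profile dns_profile rule dns_rule then action sinkhole
set services security-intelligence profile dns_profile rule dns_rule then log
set services security-intelligence profile dns_profile default-rule then action permit

## Infected host profile (Type: infected hosts): drop packets from hosts scored 10
set services security-intelligence profile ih_profile category Infected-Hosts
set services security-intelligence profile ih_profile rule ih_rule match threat-level [ 10 ]
set services security-intelligence profile ih_profile rule ih_rule then action block drop
set services security-intelligence profile ih_profile rule ih_rule then log
set services security-intelligence profile ih_profile default-rule then action permit

## Bind the three profiles to one SecIntel policy, then apply it in a security policy
## (assumed zone names trust/untrust and policy name allow_out)
set services security-intelligence policy secintel_policy CC cc_profile
set services security-intelligence policy secintel_policy DNS dns_profile
set services security-intelligence policy secintel_policy Infected-Hosts ih_profile
set security policies from-zone trust to-zone untrust policy allow_out match source-address any
set security policies from-zone trust to-zone untrust policy allow_out match destination-address any
set security policies from-zone trust to-zone untrust policy allow_out match application any
set security policies from-zone trust to-zone untrust policy allow_out then permit application-services security-intelligence-policy secintel_policy
```

After committing, feed hits per profile can be reviewed with `show services security-intelligence statistics`, and the logged matches should be forwarded to the SIEM so blocked C&C, DNS and infected-host events are visible to the SOC.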