
SecIntel Profiles Overview

SecIntel profiles enable you to block malicious and unwanted traffic such as Command and Control (C&C) communications, traffic to or from a compromised IP address or IP subnet, and domains connected to malicious activity.

The following SecIntel profiles are supported:

  • SecIntel (C&C) Profile: Provides information on C&C servers that have attempted to contact and compromise hosts on your network. A C&C server is a centralized computer that issues commands to a botnet (a network of compromised computers) and receives reports back from it.

  • SecIntel DNS Profile: Includes feeds and threat score to list the domains that are known to be connected to malicious activity.

  • SecIntel Infected Host Profile: Includes feeds and threat score to list the IP address or IP subnet of the compromised host. Infected hosts indicate local devices that are potentially compromised because they appear to be part of a C&C network or exhibit other symptoms.

Configure SecIntel profiles to work with security intelligence feeds, such as C&C, DNS, and infected hosts. The SecIntel process downloads the SecIntel feeds from the feed connector or the ATP Cloud feed server and parses them. Any feed entry whose threat score matches the scores configured in the profile is treated as malware or as an infected host, and the profile's block action is applied.

To access the page, select SRX > Security Subscriptions > SecIntel > Profiles.

Field Description

Table 1 describes the fields on the SecIntel Profiles page.
Table 1: Fields on the SecIntel Profiles Page

  Field         Description
  Name          Displays the SecIntel profile name.
  Type          Displays whether the SecIntel profile is a C&C, DNS, or infected hosts profile.
  Block action  Displays the notification action taken with the block action, for example Close session, Drop packet, or Sinkhole.
  Description   Displays the description of the SecIntel profile.