About the ATP Generated Reports Page

To access this page, select Monitor > Reports > ATP Generated Reports.

You can configure ATP threat assessment reports to run on demand or at scheduled intervals. Although you cannot choose which information the report includes, you can limit it to a selected timeframe. When the system generates a report, you and other designated recipients receive the report in PDF format through e-mail.

Tasks You Can Perform

You can perform the following tasks from this page:

  • Download the report—Click on a report PDF name to download the report. The content of the generated report is shown in Table 2.
  • Delete the report—Select a report and click the delete icon (trash can). An alert message asking for confirmation to delete your selection is displayed. Click Yes to delete the report.

Table 1 displays the fields on the ATP Generated Reports page.

Table 1: ATP Generated Reports

Field | Description
Report PDF Name | Name of the generated ATP report. Click on the report name to download the report. The details of the report are described in Table 2.
Generated Time | Date and time of report creation.
Description | Description of the generated report.
Definition | Definition of the generated report.
Generated By | User who generated the report.
Recipients | User with whom the report is shared.

Table 2: ATP Threat Assessment Report Contents

Report Category

Definition

Executive Summary

An overview of report data, separated into the following categories:

  • Malware—Lists newly discovered malware and known malware.

  • C&C Server Destinations—Lists C&C server destinations.

    Note:

    A C&C server destination is displayed in the reports only if its threat level is equal to or greater than 7.

  • Hosts with Malicious Activities—Lists the following:

    • Infected hosts—Lists the number of potentially infected hosts whose threat level is less than the threshold threat level that is set by the customer.

    • Blocked hosts—Lists the number of infected hosts that have met the threshold threat level and are blocked by policies configured on Juniper Secure Edge.

  • Domains and URLs—Lists the domains and URLs that are suspicious or known to be risky.

  • High-risk User Data—Lists the following:

    • Users’ computers infected with malware.

    • High-risk web sites accessed by users.

Malware

The malware section contains the following information:

  • Top Malware Identified—Lists the names of the top malware by count.

  • Top Infected File MIME Types—Lists the top infected Multipurpose Internet Mail Extensions (MIME) types by count.

  • Top Scanned File Categories—Lists the top file categories that are scanned.

C&C Server and Malware Locations

This section contains the following information:

  • Top C&C Server Location by Count—Lists the top countries for command and control (C&C) servers by number of communication attempts (C&C hits).

  • Top Malware Threat Locations by Count—Lists the top countries with malware threats.

Hosts

This section contains the following information:

  • Top Compromised Hosts—Lists the top hosts that may have been compromised based on their associated threat level.

Risky Files

This section contains the following information:

  • Top Risky File Categories by Count—Lists the top risky file categories by count for known and newly discovered malicious files.

  • Top Risky Files Detected by Count—Lists the top risky files detected by count.

  • Top IPs Detected Attempting to Access Risky Files by Count—Lists the top IP addresses attempting to access risky files.

  • Top Risky Files Detected by IPs—Lists the top risky files detected per top IP address attempting to access the files.

Risky Domains, URLs, and IPs

This section contains the following information: top risky domains, URLs, and IP addresses detected by the number of times access was attempted. It also includes the top users who have attempted to access these risky domains, URLs, and IP addresses.

  • Top Detected Risky Domains, URLs, and IPs by Count—Lists the top risky domains, URLs, and IP addresses detected by the number of times access was attempted.

  • Most Active Users for Risky Domains, URLs, and IPs by Count—Lists the top users who are most active in attempting to access the risky domains, URLs, and IP addresses by count.

  • Top Detected Risky Domains, URLs, and IPs by Threat Level—Lists the top risky domains, URLs, and IP addresses detected by the threat level.

Email

This section contains the list of actions taken on scanned emails. It also includes email attachments determined to be malware and users who are risky email senders.

  • Actions Taken—Lists the action taken for scanned e-mail.

  • High-Risk Email Data—Lists the count of e-mail attachments with malware and risky senders.

  • Malicious SMTP Email by Count—The report breaks scanned e-mail down by protocol and lists SMTP e-mails found to be malicious.

  • Malicious IMAP Email by Count—The report breaks scanned e-mail down by protocol and lists IMAP e-mails found to be malicious.

  • Top Risky File Categories Detected for Email Attachments—Lists the top risky file categories that were detected from files received as e-mail attachments.

  • Top Risky Email Attachments Detected by Count—Lists the top risky files that are detected from email attachments.

  • Top Users Receiving Risky Email Attachments—Lists the top users who are receiving risky file attachments through e-mail.

  • Top Risky Email Attachments Detected per Top Users—Lists the top users and their most risky file attachments.

  • Top Risky Email Sender Domains by Count—Lists the top risky sender domains based on the threat level of file attachments sent in email.

  • Top Sender Domains of Risky File Attachments by Count—Lists the top sender domains with risky file attachments and the number of times the risky file attachments were detected.

  • Actions on SMTP Malicious Email by Count—Lists actions taken for malicious SMTP e-mails.

  • Actions on IMAP Malicious Email by Count—Lists actions taken for malicious IMAP e-mails.

Devices

This section contains the following information:

  • Zero submissions—List of devices that have not submitted files in the past 30 days.
  • Expiring Devices—List of devices that are going to expire in the next 60 days.