Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Juniper Threat Feeds Overview

SecIntel feeds include threat feeds provided by Juniper Networks, 3rd party threat feeds, or Dynamic Address Group (DAG) feeds. The SecIntel threat feeds provided by Juniper Networks is shown in Table 1.


The Infected Host feed is enabled by default for all license tiers. All other Juniper Threat feeds are enabled by default with Secure Edge Advanced or higher license.

Table 1: Juniper Threat Feeds



Command and Control Feed

C&C feeds are essentially a list of servers that are known command and control for botnets. The list also includes servers that are known sources for malware downloads.

Malicious Domains (DNS)

List of domains that are known to be connected to malicious activity.

Infected Host Feed

Infected hosts indicate local devices that are potentially compromised because they appear to be part of a C&C network or exhibit other symptoms.