show services advanced-anti-malware statistics
Syntax
show services advanced-anti-malware statistics
show services advanced-anti-malware malware-database-statistics
Description
Displays Juniper Advanced Threat Prevention Cloud statistics, such as the total number of sessions processed and the number of sessions blocked because they carried malware or contacted a command-and-control (C&C) site. Use this command to get an overview of how much malware is being blocked at your site.
You can reset these statistics, for example when you change the Juniper Advanced Threat Prevention Cloud profile or policy, using the clear services advanced-anti-malware statistics command.
Required Privilege Level
View
Output Fields
Table 1 lists the output fields for the show services advanced-anti-malware statistics command. Output fields are listed in the approximate order in which they appear.
Field Name | Field Description
---|---
Session interested | Number of sessions that match both the firewall policy and the Juniper Advanced Threat Prevention Cloud policy.
Session ignored | Total number of sessions whose traffic is not HTTP or HTTPS.
Session hit blocklist | Total number of sessions in which the contacted server is on the Juniper ATP Cloud blocklist.
Session hit allowlist | Total number of sessions in which the contacted server is on the Juniper ATP Cloud allowlist.
Session active | Number of currently active sessions.
Session blocked | Number of sessions blocked for any reason.
Session permitted | Number of sessions permitted, for example because the server is on the allowlist. This is every session that was not blocked.
File submission success | Number of files successfully submitted to Juniper ATP Cloud for inspection.
File submission failure | Number of files that were not submitted successfully to Juniper ATP Cloud for inspection, for example because an error occurred while the file was in the submission queue. Files blocked by a local signature match are also counted here, because the match aborts the full-file submission (see Malware blocked in the second table).
File submission not needed | Number of files not submitted to Juniper ATP Cloud for inspection because they were below the minimum or above the maximum file size, above the sample rate, or because submission was paused.
File verdict meets threshold | Number of files whose returned verdict is greater than or equal to the configured threshold.
File verdict under threshold | Number of files whose returned verdict is less than the configured threshold.
File fallback blocked | Number of files blocked because of a fallback condition.
File fallback permitted | Number of files permitted because of a fallback condition (the file reached the client without a verdict).
File hit submission limit | Number of files that could not be submitted to Juniper ATP Cloud because the rate limit fallback was triggered.
Email processed | Total number of e-mail attachments sent to Juniper ATP Cloud.
Email permitted | Total number of e-mails delivered to their recipients.
Email blocked | Total number of e-mails blocked from delivery to their recipients.
Email tag-and-delivered | Number of e-mails delivered with warning headers attached. If you configured this option, headers are added that most mail servers recognize and use to file the message into Spam or Junk folders.
Email quarantined | Total number of e-mails quarantined because their attachments contained malware.
Email fallback blocked | Total number of e-mails blocked from delivery because of the configured fallback settings.
Email fallback permitted | Total number of e-mails delivered because of the configured fallback settings (delivered without a verdict).
Email hit allowlist | Number of e-mails that matched an administrator-configured allowlist. E-mails are checked against the allowlist and blocklist using Envelope From (MAIL FROM), Envelope To (RCPT TO), Body Sender and Body Receiver. An e-mail that matches the allowlist is delivered without any scanning.
Email hit blocklist | Number of e-mails that matched an administrator-configured blocklist, checked on the same fields as the allowlist. An e-mail that matches the blocklist is treated as malicious and handled the same way as an e-mail with a malicious attachment.
The following table (show services advanced-anti-malware malware-database-statistics Output Fields) lists the output fields for the show services advanced-anti-malware malware-database-statistics command. Output fields are listed in the approximate order in which they appear.
Field Name | Field Description
---|---
Malware DB type | The malware signature database type. hot_db is the supported type; it consists exclusively of signatures generated from files submitted to Juniper ATP Cloud by SRX Series Firewalls and other sources. The second sample output below shows the full_db type, which applies only to Firestorm customers.
Total signatures | Total number of malware signatures in the database at the time the command runs.
Malware DB version | The signature database version.
Malware DB update time | The date and time when the malware signature database was last updated.
Malware scan statistics | Per-protocol scan counters (Total, HTTP, HTTPS, SMTP, SMTPS, IMAP, IMAPS, SMB), listed below.
File scanned | Total number of files scanned against the local signature database by the device.
Malware found | Total number of malware signature hits.
Malware blocked | Number of files blocked based on the action set for the matching malware signature. The file is blocked immediately on the signature match, its full-file submission to Juniper ATP Cloud is aborted, and the SRX Series Firewall sends a notification of the hit event to Juniper ATP Cloud.
Malware permitted | Number of files permitted based on the action set for the matching malware signature.
Sample Output
show services advanced-anti-malware statistics
```
user@host> show services advanced-anti-malware statistics
Advanced-anti-malware session statistics:
  Session interested:               4
  Session ignored:                  0
  Session hit blacklist:            0
  Session hit whitelist:            0
                                Total   HTTP  HTTPS   SMTP  SMTPS   IMAP  IMAPS    SMB
  Session active:                     0      0      0      0      0      0      0      0
  Session blocked:                    3      1      0      0      0      1      0      1
  Session permitted:                  1      0      0      1      0      0      0      0

Advanced-anti-malware file statistics:
                                Total   HTTP  HTTPS   SMTP  SMTPS   IMAP  IMAPS    SMB
  File submission success:            1      0      0      1      0      0      0      0
  File submission failure:            3      1      0      0      0      1      0      1
  File submission not needed:         0      0      0      0      0      0      0      0
  File verdict meets threshold:       4      1      0      1      0      1      0      1
  File verdict under threshold:       0      0      0      0      0      0      0      0
  File fallback blocked:              0      0      0      0      0      0      0      0
  File fallback permitted:            0      0      0      0      0      0      0      0
  File hit submission limit:          0      0      0      0      0      0      0      0

Advanced-anti-malware file hash statistics:
                                Total   HTTP  HTTPS
  File hash eligible samples:         0      0      0
  File hash selected samples:         0      0      0
  File hash submitted samples:        0      0      0
  File hash failed samples:           0      0      0
  File hash known samples:            0      0      0
  File hash unknown samples:          0      0      0
  File hash verdict timeout:          0      0      0

Advanced-anti-malware email statistics:
                                Total   SMTP  SMTPS   IMAP  IMAPS
  Email processed:                    2      1      0      1      0
  Email permitted:                    1      1      0      0      0
  Email blocked:                      1      0      0      1      0
  Email tag-and-delivered:            0      0      0      0      0
  Email quarantined:                  0      0      0      0      0
  Email fallback blocked:             0      0      0      0      0
  Email fallback permitted:           0      0      0      0      0
  Email hit whitelist:                0      0      0      0      0
  Email hit blacklist:                0      0      0      0      0
```

This sample labels the list counters Session hit blacklist, Session hit whitelist, Email hit whitelist and Email hit blacklist; they are the blocklist and allowlist fields described in Table 1, so match on both spellings if you parse this output.
show services advanced-anti-malware malware-database-statistics
```
user@host> show services advanced-anti-malware malware-database-statistics
Malware scan statistics:
  Malware DB type:        hot_db
  Total signatures:       1168
  Malware DB version:     1632950572
  Malware DB update time: 2021-09-29 14:24:56 PDT
                          Total   HTTP  HTTPS   SMTP  SMTPS   IMAP  IMAPS    SMB
  File scanned:               4      1      0      1      0      1      0      1
  Malware found:              4      1      0      1      0      1      0      1
  Malware blocked:            3      1      0      0      0      1      0      1
  Malware permitted:          1      0      0      1      0      0      0      0
```
The following example applies only to Firestorm customers.

```
user@host> show services advanced-anti-malware malware-database-statistics
Malware scan statistics:
  Malware DB type:        full_db
  Total signatures:       47971
  Malware DB version:     1674475590
  Malware DB update time: 2023-01-23 04:12:15 PST
                          Total   HTTP  HTTPS   SMTP  SMTPS   IMAP  IMAPS    SMB
  File scanned:               2      2      0      0      0      0      0      1
  Malware found:              1      1      0      0      0      0      0      1
  Malware blocked:            0      0      0      0      0      0      0      1
  Malware permitted:          1      1      0      0      0      0      0      0
```
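As an added example (not part of this reference page and not Juniper code), the following Python script parses both outputs shown above into a dictionary and applies the checks a monitoring job would run on them: the share of policy-matched sessions that were blocked, the counters that mean content passed without a cloud verdict (fallback permitted, submission limit hit), submission failures not explained by local signature blocks, and the age of the signature database. The two embedded samples are the page's own sample outputs, abridged and with the CLI column layout reconstructed; the function names and the assumption that the comparison clock is in the device's time zone are mine.

```python
import re
from datetime import datetime

# Constructed input: the page's sample outputs, abridged. Parsing is
# whitespace based, so exact column alignment does not matter.
SESSION_STATS = """\
Advanced-anti-malware session statistics:
  Session interested:            4
  Session hit blacklist:         0
                             Total   HTTP  HTTPS   SMTP  SMTPS   IMAP  IMAPS    SMB
  Session blocked:                 3      1      0      0      0      1      0      1
  Session permitted:               1      0      0      1      0      0      0      0
Advanced-anti-malware file statistics:
                             Total   HTTP  HTTPS   SMTP  SMTPS   IMAP  IMAPS    SMB
  File submission success:         1      0      0      1      0      0      0      0
  File submission failure:         3      1      0      0      0      1      0      1
  File fallback permitted:         0      0      0      0      0      0      0      0
  File hit submission limit:       0      0      0      0      0      0      0      0
Advanced-anti-malware email statistics:
                             Total   SMTP  SMTPS   IMAP  IMAPS
  Email processed:                 2      1      0      1      0
  Email blocked:                   1      0      0      1      0
  Email fallback permitted:        0      0      0      0      0
"""

DB_STATS = """\
Malware scan statistics:
  Malware DB type:        hot_db
  Total signatures:       1168
  Malware DB version:     1632950572
  Malware DB update time: 2021-09-29 14:24:56 PDT
                          Total   HTTP  HTTPS   SMTP  SMTPS   IMAP  IMAPS    SMB
  File scanned:               4      1      0      1      0      1      0      1
  Malware blocked:            3      1      0      0      0      1      0      1
  Malware permitted:          1      0      0      1      0      0      0      0
"""

HEADER_RE = re.compile(r"Total(\s+[A-Za-z]+)+")                 # per-protocol column header
COUNTER_RE = re.compile(r"(?P<name>[A-Za-z][^:]*):\s+(?P<vals>.+)")  # "Name:  values"


def parse_aam_output(text):
    """Per-protocol counters -> {column: int}; scalar counters -> int;
    non-numeric fields (DB type, update time) -> str."""
    columns, stats = ["Total"], {}
    for raw in text.splitlines():
        line = raw.strip()
        if HEADER_RE.fullmatch(line):      # a header line renames the columns that follow
            columns = line.split()
            continue
        m = COUNTER_RE.fullmatch(line)
        if not m:                          # section titles such as "...statistics:"
            continue
        name, vals = m.group("name"), m.group("vals").split()
        if not all(v.isdigit() for v in vals):
            stats[name] = m.group("vals")
        elif len(vals) == 1:
            stats[name] = int(vals[0])
        else:
            stats[name] = dict(zip(columns, map(int, vals)))
    return stats


def total(stats, name):
    """Total column of a counter (0 if the counter is absent)."""
    value = stats.get(name, 0)
    return value["Total"] if isinstance(value, dict) else value


def block_ratio(stats):
    """Share of policy-matched sessions that were blocked."""
    blocked, permitted = total(stats, "Session blocked"), total(stats, "Session permitted")
    return blocked / (blocked + permitted) if blocked + permitted else 0.0


# Counters that mean content reached the client without a cloud verdict.
UNINSPECTED = ("File fallback permitted", "File hit submission limit", "Email fallback permitted")


def inspection_gaps(stats):
    """Nonzero totals among the counters that indicate uninspected content."""
    return {name: total(stats, name) for name in UNINSPECTED if total(stats, name)}


def unexplained_submission_failures(session_stats, db_stats):
    """Submission failures beyond those caused by a local signature block
    (a signature hit aborts the upload and is counted as a failure)."""
    return max(0, total(session_stats, "File submission failure") - total(db_stats, "Malware blocked"))


def db_age(session_or_db_stats, now_text):
    """Age of the signature database. Both timestamps use the CLI format
    "YYYY-MM-DD HH:MM:SS ZONE"; the zone label is dropped, so now_text is
    assumed to be in the device's zone."""
    fmt = "%Y-%m-%d %H:%M:%S"
    updated = datetime.strptime(session_or_db_stats["Malware DB update time"].rsplit(" ", 1)[0], fmt)
    return datetime.strptime(now_text.rsplit(" ", 1)[0], fmt) - updated


if __name__ == "__main__":
    session, db = parse_aam_output(SESSION_STATS), parse_aam_output(DB_STATS)
    print(f"block ratio: {block_ratio(session):.0%}")
    print("inspection gaps:", inspection_gaps(session))
    print("unexplained submission failures:", unexplained_submission_failures(session, db))
    print("signature DB age:", db_age(db, "2021-09-30 14:24:56 PDT"))
```

On the page's own numbers the three failed submissions are exactly the three local signature blocks, so the cross-check reports 0, and every fallback counter is zero; in production, a growing File fallback permitted, File hit submission limit or Email fallback permitted total is the signal that traffic is passing without a verdict and should be alerted on, and the database age check guards against a device that has silently stopped receiving signature updates.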
Release Information
Command introduced in Junos OS Release 15.1X49-D33.