Juniper Advanced Threat Prevention Appliance CLI Command Reference Manual


Juniper Advanced Threat Prevention Appliance
CLI Command Reference Guide
Release 5.0
March 2018


Summary of Contents for Juniper Advanced Threat Prevention Appliance

  • Page 1 Juniper Advanced Threat Prevention Appliance CLI Command Reference Guide Release 5.0 March 2018...
  • Page 2 The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at http://www.juniper.net/support/eula/. By downloading, installing or using...
  • Page 3: Table Of Contents

    ... 20 Copyright© 2018, Juniper Networks, Inc.
  • Page 4 Table of Contents (continued): server ... 20 set honeypot (collector mode) ...
  • Page 5 Table of Contents (continued): Server Mode Commands ... 88
  • Page 6 Table of Contents (continued): Traffic Collector CLI Commands ... 89 capture-start ...
  • Page 7: About The Documentation

    JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: •...
  • Page 8: Opening A Case With Jtac

    Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone. • Use the Case Management tool in the CSC at http://www.juniper.net/cm/. • Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
  • Page 9: About This Guide

    Related Documentation on page 2 About This Guide This guide describes the commands that make up the command-line interface (CLI) of the Juniper ATP Appliance. This guide is intended for system administrators responsible for deploying, operating, and maintaining the Juniper ATP Appliance.
  • Page 10: Typographical Conventions

    Juniper ATP Appliance Release Notes— Describes the latest release of the Juniper ATP Appliance software. • Juniper ATP Appliance Quick Start Guides— Quick Starts describe how to install and initially configure a Juniper ATP Appliance; refer to the Quick Start for your device or model.
  • Page 11: Introduction

    CHAPTER 1 Introduction This chapter explains how to use the Juniper ATP Appliance command line interface (CLI) to configure and administer a Juniper ATP Appliance. This chapter contains the following sections: • “Accessing the CLI” in the next section •...
  • Page 12: Configuration Wizard Command Prompt Progressions

    Juniper Advanced Threat Prevention Appliance # wizard Configuration Wizard Command Prompt Progressions NOTE Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the configuration, you will be prompted again whether to run the Configuration Wizard.
  • Page 13 If you decline the self-signed certificate by entering no, be prepared to install a certificate authority (CA) certificate.
  • Page 14: Hardware, Software And Virtual Appliance Access Via Ssh

    CLI Help and Keyboard Shortcuts To display Juniper ATP Appliance CLI help, type the command help to display CLI keys and auto-completion usage. For context-sensitive help, alternatively, enter a “?” to display either a list of possible command completions with summaries, or the full syntax of the current command.
  • Page 15: Cli Modes

    SPECIAL CHARACTER REQUIREMENT You must enclose non-alphabet characters in double quotes in CLI commands; for example: Juniper ATP Appliance(server)# set passphrase "kfe$nd#$^S" CLI Modes The CLI commands that you can enter depend on your user privileges and the CLI command mode. User roles are "admin"...
  • Page 16 Note that the prompt in each mode includes the host name of the Juniper ATP Appliance. Table 1-2 Summary of CLI Modes (Mode | Description | How to Exit): Basic Mode | Monitor system operation and issue basic system commands. | Enter exit to log...
  • Page 17: All-In-One Cli Commands

    CHAPTER 2 All-in-One CLI Commands This chapter describes the administration commands for a Juniper ATP Appliance All-in-One server appliance, software appliance or virtual appliance. These commands are used to configure the Juniper ATP Appliance All-in-One appliance, manage configurations, and set system-level settings for interfaces, network services, and SIEM integration.
  • Page 18: Cm Commands

    CM Commands • exit on page 14 • help on page 16 • history on page 17 • upgrade on page 34 Core Mode Commands • exit on page 14 • help on page 16 •...
  • Page 19: Diagnosis Mode Commands

    Traffic Collector with IP address 8.8.8.8:
    hostname # diagnosis
    hostname (diagnosis)# capture-start 8.8.8.8 eth1
    NOTE: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.
  • Page 20: Collector

    Table 2-2 cm: Enters cm (Central Manager) mode. See Also: basic [mode]. Product(s): All-in-One | Core. Mode(s): Basic. Syntax: cm. Parameters: None. Sub-Commands: exit | help | history | upgrade. The following command example enters cm configuration mode:...
  • Page 21: Copy

    All-in-One | Collector | Core | Mac OS X Detection Engine. Mode(s): Basic. Syntax: core. Parameters: None. Sub-Commands: exit, help, history, show, updateimage. The following command example enters core configuration mode:
    hostname # core
    hostname (core)#
  • Page 22: Diagnosis

    diagnosis Table 2-6 diagnosis: Enters the Diagnosis configuration and status check mode. See Also: collector [mode], server [mode]. Product(s): All-in-One | Collector | Mac OS X Detection Engine. Mode(s): Basic. Syntax: diagnosis. Parameters: None. Sub-Commands: capture-start;...
  • Page 23: Gssreport

    CLI Command Reference Guide gssreport Table 2-8 gssreport Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report. Description See Also: gssreport; diagnosis [mode] Product(s) CLI All-in-One | Collector | Mac OS X Detection Engine...
  • Page 24: Help

    help Table 2-9 help: Displays information about the CLI help system. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Basic | Core | Collector | Diagnosis | Server...
  • Page 25: History

    Server. Syntax: ifrestart eth0 | eth1. Parameters: eth0 Restarts the management (administrative) network interface. eth1 Restarts the monitoring network interface. The following example restarts the eth0 interface for the management network:
    <FireEye_name># ifrestart eth0
  • Page 26: Ping

    ping Table 2-12 ping: Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine...
  • Page 27: Restart

    Syntax: restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]. all Restarts all Juniper ATP Appliance services. behaviorengine Restarts the Behavioral Analysis Engine. cm Restarts the Central Manager Web UI service.
  • Page 28: Restore

    restore Table 2-15 restore: Restores the system configuration to the factory default settings. This will only reset the password to default temporarily. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine...
  • Page 29 Table 2-16 server. The following example enters server configuration mode:
    hostname # server
    hostname (server) # ?
  • Page 30: Set Honeypot (Collector Mode)

    set honeypot (collector mode) Table 2-17 set honeypot: Enables and disables the SSH-Honeypot feature for a Traffic Collector. A honeypot can be deployed within a customer network to detect network activity generated by malware attempting to infect or attack other machines in a local area network.
  • Page 31: Set Traffic-Filter (Collector Mode)

    (collector mode) Product(s): All-in-One | Collector. Mode(s): collector. Syntax: (collector)# set protocols {http [on|off] | smb [on|off]}. The following example enables the SMB parser for lateral detections:
    hostname (collector)# set protocols smb on
  • Page 32: Set Proxy (Collector Mode)

    NOTE The mitigation IP address of a CNC server is not available for Inside proxy deployments. When a Juniper ATP Appliance is deployed behind a proxy, the Mitigation-> Firewall page in the Juniper ATP Appliance Central Manager Web UI (which typically displays the CNC server IP address to mitigate) will be empty.
  • Page 33: Set (Diagnosis Mode)

    warning Sets logging at the warning level. error Sets logging at the error level. critical Sets logging at the critical level. The following example sets the default logging level for all Juniper ATP Appliance components:
    JATP(diagnosis)# set logging all
  • Page 34: Set Ip Interface (Server Mode)

    Sets the Gateway IP address for the management interface or the optional alternate-exhaust network. The following example configures the management interface (eth0) for a Juniper ATP Appliance Core device:
    JATP (server)# set ip interface management address 10.2.123.18 netmask 255.255.255.0 gateway 10.2.0.1...
  • Page 35: Set (Server Mode)

    firewall {all <backup | flush> | whitelist <add | delete | flush>}. The "add" option adds an IP address to the iptables outbound whitelist:
    # set firewall whitelist add 10.1.1.1
  • Page 36 Table 2-24 set. hostname string Sets the system's host name. ip interface {management | alternate-exhaust} <dhcp | ... Sets the IP address, netmask, or default gateway, or enables DHCP for the management or alternate-exhaust interface...
  • Page 37: Set System-Alert (Server Mode)

    Also note that all bytes seen on Ethernet frames are counted in the traffic. The minimum interval for the "set system-alert traffic" time interval command is 10 minutes. If the interval is set to less than 10 minutes, no alerts will be triggered.
  • Page 38: Setupcheck

    setupcheck Table 2-26 setupcheck: Checks and reports on basic configuration settings and analysis pipeline setup. Product(s): All-in-One | Core CM | Mac Mini OS X Detection Engine. Mode(s): diagnosis. Syntax: setupcheck {all | report | basic | analysis}...
  • Page 39: Show (Collector Mode)

    (collector)# show honeypot ssh-honeypot
    show (collector mode) Table 2-28 show (collector mode): Display the currently selected traffic monitoring interface. Product(s): All-in-One | Collector. Mode(s): Collector. Syntax:
    collector02 (collector)# show traffic-monitoring-ifc-type
  • Page 40: Show (Core Mode)

    show (core mode) Table 2-1: Displays the guest image(s) status or whitelist statistics. See Also: shutdown; show (diagnostic mode). Product(s): All-in-One | Core CM | Mac Mini OS X Detection Engine. Mode(s): Core...
  • Page 41: Show (Diagnosis Mode)

    show (diagnosis mode) Table 2-29 show: Displays log output (for example, error tracebacks) for Juniper ATP Appliance components from diagnosis mode; logging levels themselves are changed with set (diagnosis mode). See Also: shutdown; show (core mode). Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine...
  • Page 42: Shutdown

    The following example performs a traceroute of the named device:
    JATP# traceroute -h 2 MacMininOSX-Engine
    upgrade Table 2-32 upgrade: Upgrade Juniper ATP Appliance software for the Core/CM device or vCore, and all connected physical or virtual devices. Product(s): All-in-One | Core CM. Syntax: upgrade <URI as user@hostname:path>...
  • Page 43: Updateimage

    Description The updateimage command will update the guest images from the Juniper ATP Appliance update servers or a USB drive attached to the Juniper ATP Appliance. Product(s) CLI All-in-One | Core-CM | Mac Mini OS X Detection Engine...
  • Page 44: Configuration Wizard For The All-In-One Server

    JuniperATP1 [OPTIONAL] If the system detects a Secondary Core with an eth2 port, then the alternate CnC exhaust option is displayed. Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information:...
  • Page 45: Core/Cm Server Cli Commands

    CHAPTER 3 Core/CM Server CLI Commands This chapter describes the commands available for Juniper ATP Appliance Core/CM or vCore servers. These commands are used to configure devices and software, manage security events, and show system information and status. You must enclose non-alphabet characters in double quotes in CLI commands.
  • Page 46: Core Mode Commands

    Core Mode Commands • exit on page 42 • help on page 43 • history on page 44 • set (core mode) on page 48 • show (core mode) on page 53 • updateimage on page 59 Server Mode Commands •...
  • Page 47: Corecm Cli Commands

    Juniper ATP Appliance with IP address 8.8.8.8:
    hostname # diagnosis
    hostname (diagnosis)# capture-start 8.8.8.8 eth1
    NOTE: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.
    Table 3-2 cm: Enters cm (Central Manager) mode. See Also: basic [mode];...
  • Page 48: Core

    core Table 3-3 core: Enters core mode. See Also: basic [mode]. Product(s): All-in-One | Collector | Core | Mac OS X Detection Engine. Mode(s): Basic. Syntax: core. Parameters: None. Sub-Commands: exit | help | history | set | show | updateimage...
  • Page 49: Copy

    Parameters: None. Sub-Commands: capture-start; copy; exit; gssreport; help; history; set (server mode); setupcheck; show (diagnosis mode); show (server mode). The following example enters diagnosis configuration and status check mode:
    hostname # diagnosis
    hostname (diagnosis)# ?
  • Page 50: Exit

    JATP(diagnosis)# exit
    JATP#
    gssreport Table 3-7 gssreport: Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report. See Also: gssreport; diagnosis [mode]. Product(s): CLI...
  • Page 51: Help

    Use ? to learn command parameters and options:
    JATP (server)# show f?
      firewall   Show the firewall configuration settings
      interface
    JATP (server)# show firewall?
                 Show the current iptables settings
      whitelist  Show the iptables whitelist settings
    JATP (server)# show firewall whitelist?
      <cr>
    JATP (server)# show firewall whitelist
  • Page 52: History

    history Table 3-9 history: Displays the current CLI session command line history. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Basic | Core | CM | Collector | Diagnosis | Server...
  • Page 53: Ping

    3 packets transmitted, 3 received, 0% packet loss, time 1999ms
    rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022 ms
    reboot Table 3-12 reboot: Reboots the Juniper ATP Appliance. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Server. Syntax: reboot...
  • Page 54 Table 3-13 restart. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Server. Syntax: restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver |...
  • Page 55: Restore

    The following example restores the system:
    JATP # restore
    This next example restores the SSH login "support" password to the default:
    JATP # restore support password
    Restore the default support password? (Yes/No)? yes
    support password was restored successfully!
  • Page 56: Set (Core Mode)

    Juniper Advanced Threat Prevention Appliance set (core mode) Table 3-15 set Description Resets the Secondary Core UUID, if the virtual core is cloned. Product(s) CLI Core/CM (Virtual Core) Mode(s) Core (for Virtual Core configurations) set id Syntax Sub-Commands None The following example sets the Virtual Core appliance id:...
  • Page 57 Also note that all bytes seen on Ethernet frames are counted in the traffic. The minimum interval for the "set system-alert traffic" time interval command is 10 minutes. If the interval is set to less than 10 minutes, no alerts will be triggered.
  • Page 58: Set (Server Mode)

    set (server mode) Table 3-18 set: Configure the system settings. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Server. See Also: set (diagnosis mode); set (core mode); show (core mode)
  • Page 59 HTTP proxy as needed. <all|http>} timezone string Sets the timezone for the device. uipassword Sets a new admin password for CM Web UI access. The following example enables a proxy server:
    JATP (server)# set proxy enable on
  • Page 60: Set (Diagnosis Mode)

    warning Sets logging at the warning level. error Sets logging at the error level. critical Sets logging at the critical level. The following example sets the default logging level for all Juniper ATP Appliance components:
    JATP(diagnosis)# set logging all
    setupcheck...
  • Page 61: Show (Core Mode)

    URI2 Wed Sep 2 18:16:55 2015
    URI3 Wed Sep 2 18:16:55 2015
    greatfilesarey Wed Sep 2 18:20:00 2015
    The following example shows how to get the alternate-exhaust interface (eth2) status:
    JATP(core)# show alternate-exhaust interface
  • Page 62 See Also: set (diagnosis mode) logging. Parameters: log error traceback Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process error logs. A traceback is a stack of functions that were executing when an error condition was encountered. log error last <integer: number of... Displays n [1-1000] lines of the contents of the...
  • Page 63: Show (Server Mode)

    (eth1), or the alternate-exhaust interface (eth2). See Also: show controller. Show the IP address of the management (administrative) interface eth0. Results may show both private and public IP addresses if the AWS vCore has a public...
  • Page 64 <tab> shows options. timezone {US/Eastern | US/Central | US/Mountain ... uptime Show how long the system has been running. uuid Show the system UUID (universally unique ID). version Show Juniper ATP Appliance software and content security versions.
  • Page 65
    RX packets: 1869032424 Bytes: 1716560257902 Errors: 0 Overruns: 0
    TX packets: 409287 Bytes: 44607401 Errors: 0 Overruns: 0
    Traffic rate for the last 5 seconds/1 minute/5 minutes
    RX bits/sec: 108616/160176/442736
    RX packets/sec: 44/46/91
    TX bits/sec: 0/112/128
    TX packets/sec: 0/0/0
  • Page 66: Shutdown

    The following example performs a traceroute of the named device:
    JATP# traceroute -h 2 MacMininOSX-Engine
    upgrade Table 3-25 upgrade: Upgrade Juniper ATP Appliance software for the Core/CM device or vCore, and all connected physical or virtual devices. Product(s): All-in-One | Core CM. Syntax: upgrade <URI as user@hostname:path>...
  • Page 67: Updateimage

    Table 3-25 upgrade. The following example copies Juniper ATP Appliance software to the Core from a remote location defined by the path provided:
    CoreCM(cm)# upgrade admin@remoteHost.edu:some/remote/directory
    updateimage Table 3-26 updateimage: Update or correct the guest-image OS profile used by the detection and analysis behavioral engine.
  • Page 68: Configuration Wizard For The Corecm Server

    Table 3-27 wizard. Syntax: wizard. Parameters: None. The following command starts the configuration wizard:
    hostname # wizard
    Configuration Wizard for the CoreCM Server NOTE Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the configuration, you will be prompted again whether to run the Configuration Wizard.
  • Page 69 Enter a valid hostname. Type a hostname when prompted; do not include the domain; for example: JuniperATP1 [OPTIONAL] If the system detects a Secondary Core with an eth3 port, then the alternate CnC exhaust option is displayed. Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information.
  • Page 71: Basic Mode Commands

    All-in-One, Mac OS X Engine, Traffic Collector and CoreCM. Core Mode Commands • exit on page 67 • help on page 68 • history on page 69 • show (core mode) on page 77 • updateimage on page 81 Copyright© 2018, Juniper Networks, Inc.
  • Page 72: Server Mode Commands

    Server Mode Commands • exit on page 67 • help on page 68 • history on page 69 • ifrestart on page 69 • ping on page 70 • reboot on page 70 • restart on page 70 •...
  • Page 73: Mac Os X Detection Engine Cli Commands

    hostname # diagnosis
    hostname (diagnosis)# capture-start 8.8.8.8 eth1
    NOTE: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.
    copy Table 4-2 copy: Uses Secure Copy (SCP) to copy and transfer packet capture or traceback...
  • Page 74: Core

    core Table 4-3 core: Enters core mode. See Also: basic [mode]. Product(s): All-in-One | Collector | Core | Mac OS X Detection Engine. Mode(s): Basic. Syntax: core. Parameters: None. Sub-Commands: exit, help, history, show, updateimage...
  • Page 75: Exit

    JATP(diagnosis)# exit
    JATP#
    gssreport Table 4-6 gssreport: Use the gssreport command to submit reports to Juniper ATP Appliance Global Security Services (GSS), and to display the status of the current GSS report. See Also: gssreport; diagnosis [mode]. Product(s): CLI...
  • Page 76: Help

    help Table 4-7 help: Displays information about the CLI help system. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Basic | Server | Diagnosis. Syntax: help...
  • Page 77: History

    | eth1. Parameters: eth0 Restarts the management (administrative) network interface. eth1 Restarts the monitoring network interface. The following example restarts the eth0 interface for the management network:
    JATPMAC (server) # ifrestart eth0
  • Page 78: Ping

    ping Table 4-10 ping: Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine...
  • Page 79 Server. Syntax: restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]. Parameters: all Restarts all Juniper ATP Appliance services. database Restarts the Database. ntpserver Restarts the NTP server.
  • Page 80: Restore

    restore Table 4-13 restore: Restores the system configuration to the factory default settings. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Server. Syntax: restore [support | firewall {backup | default} | hostname...
  • Page 81 Table 4-14 server. The following example enters server configuration mode:
    hostname # server
    hostname (server) # ?
  • Page 82: Set (Server Mode)

    set (server mode) Table 4-15 server mode: Configure the system settings. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Server. See Also: set (diagnosis mode). Syntax: set [autoupdate {on | off} | cli timeout secs | clock | cm address | support {on | off} | passphrase string | dns | firewall {all <backup | flush>...
  • Page 83 Central | US/Mountain ...} (TIP: <tab> shows options). uipassword Sets a new admin password for CM Web UI access. The following example sets an IP address for the device management interface eth0:
    JATP# set ip interface 10.1.1.1
  • Page 84: Set (Diagnosis Mode)

    warning Sets logging at the warning level. error Sets logging at the error level. critical Sets logging at the critical level. The following example sets the default logging level for all Juniper ATP Appliance components:
    JATP(diagnosis)# set logging all
  • Page 85: Setupcheck

    alternate-exhaust-interface Displays the status of the alternate exhaust interface eth2. The following example demonstrates the show images command usage:
    JATP(core)# show images
    The following example shows how to get the alternate-exhaust interface (eth2) status:
    JATP(core)# show alternate-exhaust interface
  • Page 86: Show (Diagnosis Mode)

    show (diagnosis mode) Table 4-19 show: Displays log output (for example, error tracebacks) for Juniper ATP Appliance components from diagnosis mode; logging levels themselves are changed with set (diagnosis mode). See Also: show (server mode). Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine...
  • Page 87: Show (Server Mode)

    See Also: exhaust] Show the IP address of the management (administrative) interface eth0. name Show the server name. ntpserver Show the Network Time Protocol (NTP) server settings. proxy Show current proxy configuration.
  • Page 88 uuid Show the system UUID (universally unique ID). uptime Show how long the system has been running. version Show Juniper ATP Appliance software and content security versions. The following example displays the MacOSX cpuload statistics:
    MacOSX (server)# show stats cpuload
    (0.06, 0.13, 0.13)
    The following example requests details for the Collector’s monitoring interface...
  • Page 89: Shutdown

    shutdown Table 4-21 shutdown: Shuts down the Juniper ATP Appliance server. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Server. Syntax: shutdown. Parameters: None. The following example performs a shutdown of the current device.
  • Page 90 Parameters: built-in Updates the guest-image on the Mac OSX Detection Engine (“Secondary core”). The following example performs a built-in Mac OS X profile update for the Mac Mini-based Secondary core detection engine:
    MAC2(core)# updateimage built-in
    Installing image SC-OSX-20131003.img...
  • Page 91: Upgrade

    Table 4-23 upgrade Upgrade a configured Juniper ATP Appliance Mac OSX Mac Mini device. If the Mac Mini has already been upgraded to Ubuntu 14.04, this upgrade command will not be visible at the CLI because it will not be needed.
  • Page 92: Configuration Wizard Command Prompt Responses

    Configuration Wizard Command Prompt Responses (Configuration Wizard Prompts | Customer Response from the Mac Mini): Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)? | We strongly discourage the use of DHCP addressing because it changes dynamically.
  • Page 93 Required:Enter the IP address of the Juniper ATP Appliance Server Core/CM or All-in-One. Device Name: (must be unique) Enter a Juniper ATP Appliance Mac Mini or Core/CM Device Name; this identifies the Mac OS X or Core Engine in the Web UI.
  • Page 95: Traffic Collector Cli Commands

    CHAPTER 5 Traffic Collector CLI Commands This chapter describes the commands specific to the Juniper ATP Appliance Collector CLI. The available commands are as follows: Basic Mode Commands • collector on page 89 • diagnosis on page 90 • exit on page 91 •...
  • Page 96: Diagnosis Mode Commands

    Diagnosis Mode Commands • capture-start on page 89 • copy on page 90 • exit on page 91 • gssreport on page 91 • help on page 92 • history on page 93 • set (diagnosis mode) on page 99 •...
  • Page 97: Traffic Collector Cli Commands

    Traffic Collector with IP address 8.8.8.8:
    hostname # diagnosis
    hostname (diagnosis)# capture-start 8.8.8.8 eth1
    NOTE: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.
    collector Table 5-2 collector: Enters the Collector configuration mode.
  • Page 98: Copy

    copy Table 5-3 copy: Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote location, providing the same authentication and level of security as an SSH transfer.
  • Page 99: Exit

    Parameters: status - displays the status of the current GSS report. submit - submits a report to Juniper ATP Appliance GSS. Sub-Commands: None. The following examples display the status of a GSS report submission:
    hostname # diagnosis
    hostname (diagnosis)# gssreport submit...
  • Page 100: Help

    help Table 5-7 help: Displays information about the CLI help system. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine. Mode(s): Basic | Server | Collector | Diagnosis...
  • Page 101: History

    Server. Syntax: ifrestart eth0 | eth1. Parameters: eth0 Restarts the management (administrative) network interface. eth1 Restarts the monitoring network interface. The following example restarts the eth0 interface for the management network:
    <FireEye_name># ifrestart eth0
  • Page 102: Ping

    ping Table 5-10 ping: Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network. Product(s): All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine...
  • Page 103 Server. Syntax: restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]. Parameters: all Restarts all Juniper ATP Appliance services. database Restarts the Database. ntpserver Restarts the NTP server.
  • Page 104: Restore

    Juniper Advanced Threat Prevention Appliance restore Table 5-13 restore Description Restores the system configuration to the factory default settings. Product(s) CLI All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine Mode(s) Server restore [support | firewall {backup | default} | hostname...
  • Page 105: Server

    The mitigation IP address of a CNC server is not available for Inside proxy deployments. When a Juniper ATP Appliance is deployed behind a proxy, the Mitigation-> Firewall page in the Juniper ATP Appliance Central Manager Web UI (which typically displays the CNC server IP address to mitigate) will be empty.
  • Page 106: Set Honeypot (Collector Mode)

    Juniper Advanced Threat Prevention Appliance Table 5-15 set proxy inside Sets the inside proxy IP addresses outside Sets the outside proxy IP addresses Parameters Adds a proxy configuration. remove Removes a proxy configuration. The following example sets an inside data path proxy: JATP(collector)# set proxy inside 10.1.1.1 53...
  • Page 107: Set (Diagnosis Mode)

    Sets logging at the warning level. error Sets logging at the error level. critical Sets logging at the critical level. The following example sets the default logging level for all Juniper ATP Appliance components. Example JATP# set logging all set protocols (collector mode) Table 5-18 set protocols Enables and disables the HTTP or SMB parser for a Traffic Collector.
  • Page 108: Set (Server Mode)

    Juniper Advanced Threat Prevention Appliance set (server mode) Table 5-19 set Description Configure the system settings. Product(s) CLI All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine Mode(s) Server, See Also: set (diagnosis mode); set proxy (collector mode)
  • Page 109 <tab> shows all options TIP: uipassword Sets a new Central Manager Web UI admin password. The following example sets an IP address for the device management interface eth0. Example JATP# set ip interface 10.1.1.1
  • Page 110: Set Traffic-Filter (Collector Mode)

    Juniper Advanced Threat Prevention Appliance set traffic-filter (collector mode) Table 5-20 set traffic-filter Sets traffic filter rules that exclude a configured set of traffic from analysis. Filtering is not retroactive: any analysis skipped as a result of the filtering cannot be reversed.
  • Page 111: Setupcheck

    Shows report of last setupcheck. Parameters basic Checks basic configuration settings. analysis Checks the analysis pipeline. The following example checks all basic configuration settings as well as the analysis pipeline: Example JATP (diagnosis) # setupcheck all
  • Page 112: Show (Collector Mode)

    Juniper Advanced Threat Prevention Appliance show (collector mode) Table 5-23 show Description Displays the Traffic Collector's current traffic filters and the current XFF status (enabled or disabled) Product(s) CLI All-in-One | Collector Mode(s) Collector traffic-filter | proxy | honeypot Subcommands...
  • Page 113: Show (Diagnosis Mode)

    CLI Command Reference Guide show (diagnosis mode) Table 5-24 show Description Sets the logging levels for Juniper ATP Appliance components from diagnosis mode. See Also: show (server mode); show (collector mode) Product(s) CLI All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine...
  • Page 114: Show (Server Mode)

    Juniper Advanced Threat Prevention Appliance show (server mode) Table 5-25 show Description Display configurations and status information. Product(s) CLI All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine Mode(s) Server, See Also: show (collector mode); show (diagnosis mode)
  • Page 115 Show how long the system has been running. version Show software and content security versions. The following example displays information about the All-in-One server device type: Example All-in-One(server)# show devicetype Device type: cm, core, web_collector.
  • Page 116: Shutdown

    Juniper Advanced Threat Prevention Appliance shutdown Table 5-26 shutdown Description Shuts down the Juniper ATP Appliance server. Product(s) CLI All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine Mode(s) Server shutdown Syntax Parameters None The following example performs a shutdown of the current device.
  • Page 117: Configuration Wizard Command Prompt Progressions

    No)? Enter the following server attributes: Central Manager (CM) IP Address: Required: Enter the IP address of the Juniper ATP Appliance Server All-in-One CM or CoreCM to which you are connecting [another] Collector in order to register with and view the Collector in the CM Web...
  • Page 119: Glossary Of Terms

    Greylists provide control over the priority of workorders for known IP addresses and URLs. Greylists contain files that contain either URLs or IP addresses and are used by the Juniper ATP Appliance analysis engines to check if the specified URLs or IP addresses contain a malicious rule match.
  • Page 120 Juniper Advanced Threat Prevention Appliance Graphical user interface. The Juniper ATP Appliance uses a web-based GUI for managing the appliance. Known botnet Events that are triggered when the appliance sees any of the common IRC bot server bot commands or detects any communication sent to known botnet servers.