Augmenting jATP Security Defense with DNIF

Integration of jATP with DNIF HyperScale SIEM

  1. Log in to Juniper Advanced Threat Prevention using the web interface and navigate to the Config > Notifications page.
  2. Select SIEM Settings from the left panel menu.
  3. Click Add New SIEM Connector to set up a new Events, System Audit or System Health log notification in CEF format.
  4. Select from the available options and modify the configuration as required.
Steps to integrate jATP

Parsing the jATP information at DNIF HyperScale SIEM
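The connector configured above forwards jATP notifications as CEF records, so the first thing the SIEM side has to do is split the pipe-delimited header from the key=value extension. The parser below is an added example written for this page; it is not DNIF's or Juniper's code, and the sample lines are constructed (vendor, product, signature ids and every extension value are placeholders, not real jATP output). It handles the two escapes CEF defines, `\|` in header fields and `\=` inside extension values, which a naive `split("|")` gets wrong.

```python
import re
from typing import Any, Dict, List, Tuple

# Constructed sample lines, not real jATP output: the header fields (vendor,
# product, version, signature id) and every extension value are placeholders.
SAMPLE_CEF = (
    "CEF:0|Juniper|ATP|1.0|100|Malware download detected|8|"
    "src=10.7.1.25 dst=203.0.113.5 dpt=443 suser=steve "
    "request=http://update.example.invalid/flash_update.exe "
    "msg=Flash player update fetched from suspicious TLD"
)
# Same shape, exercising the two escapes CEF defines: '\|' in the header
# and '\=' inside an extension value.
SAMPLE_CEF_ESCAPED = (
    "CEF:0|Juniper|ATP\\|Core|1.0|101|Policy\\|violation|5|"
    "src=10.7.1.25 msg=key\\=value seen in URI act=blocked"
)

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")

# A key starts the extension or follows whitespace; CEF keys are alphanumeric.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_]+)=")


def _split_header(line: str) -> Tuple[List[str], str]:
    """Return the seven header fields and the raw extension string.

    Pipes are separators unless escaped as '\\|', so the split walks the
    string instead of using str.split.
    """
    fields: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            buf.append(line[i + 1])        # escaped character is literal
            i += 2
            continue
        if ch == "|":
            fields.append("".join(buf))
            buf = []
            if len(fields) == len(HEADER_FIELDS):
                return fields, line[i + 1:]
        else:
            buf.append(ch)
        i += 1
    raise ValueError("CEF header has fewer than seven fields")


def _parse_extension(ext: str) -> Dict[str, str]:
    """Split 'k1=v1 k2=v2 ...' where values may contain spaces and '\\='."""
    out: Dict[str, str] = {}
    keys = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(keys):
        end = keys[idx + 1].start() if idx + 1 < len(keys) else len(ext)
        raw = ext[m.end():end].rstrip()
        out[m.group(1)] = raw.replace("\\=", "=").replace("\\\\", "\\")
    return out


def parse_cef(line: str) -> Dict[str, Any]:
    """Parse one CEF record into a dict; raises ValueError on malformed input."""
    header, ext = _split_header(line.strip())
    if not header[0].startswith("CEF:"):
        raise ValueError("missing CEF: prefix")
    event: Dict[str, Any] = dict(zip(HEADER_FIELDS, header))
    event["version"] = header[0][len("CEF:"):]
    # Severity is 0-10 (or a word such as High in some emitters); keep ints as ints.
    event["severity"] = int(header[6]) if header[6].isdigit() else header[6]
    event["extension"] = _parse_extension(ext)
    return event


def is_signal(event: Dict[str, Any], min_severity: int = 7) -> bool:
    """Triage helper: numeric severity at or above the threshold counts as a signal."""
    sev = event["severity"]
    return isinstance(sev, int) and sev >= min_severity
```

`parse_cef(SAMPLE_CEF)["extension"]["src"]` yields the internal host and `is_signal(...)` decides whether the record is worth surfacing as a signal; the severity threshold of 7 is an assumption for the example, not a DNIF default.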

DNIF Advantage

Footprints of Attacker with DNIF’s Connected Graph

  1. The attacker is 198.15.XX.XX, who has established a successful RDP connection to 10.7.XX.XX. The attacker is therefore the Suspect and is marked in RED.
  2. Using the out-of-the-box detection rules, DNIF HyperScale SIEM has detected a download from a suspicious TLD and a Flash Player update originating from 10.7.XX.XX; both are flagged as signals.
  3. The host 10.7.XX.XX is highlighted in Yellow because it has been compromised and has established communication with other systems, namely MUM017, MUM010, MUM015 and MUM011, making it more prominent to security analysts. They can easily spot the footprints of the adversary along with the signal raised by Juniper cortex.
  4. Now that the security analyst is fully aware that the host 10.7.XX.XX has been compromised, they can isolate it from the network to stop the propagation of malware.
  5. The compromised host 10.7.XX.XX has successfully infected a user named ‘Steve’, whose account was unfortunately sabotaged to gain persistence in the environment.
  6. DNIF has detected that Steve has connected to a large number of systems, and he has been marked in Red as a suspect for spreading the infection. The analyst can suspend the account to contain the incident and can also perform clean-up on the connected systems MUM017, MUM010, MUM015 and MUM011.
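The walkthrough above reads a connected graph by hand: start at the external suspect, follow its path to the host that raised signals, then look at what that host and its user touched next. The script below is an added example, not DNIF's graph engine, that reproduces that reasoning over constructed connection records: the addresses 198.15.1.10 and 10.7.1.25 stand in for the page's masked 198.15.XX.XX and 10.7.XX.XX, the MUM* names mirror the hosts the page lists, and the fan-out threshold of 3 is an assumption chosen for the example.

```python
from collections import defaultdict, deque
from typing import Dict, Iterable, List, Set

# Constructed connection records (not from the page's screenshots). The
# external address 198.15.1.10 stands in for the page's 198.15.XX.XX and
# 10.7.1.25 for 10.7.XX.XX; the MUM* names mirror the hosts the page lists.
EVENTS: List[dict] = [
    {"src": "198.15.1.10", "dst": "10.7.1.25", "user": None, "proto": "rdp"},
    {"src": "10.7.1.25", "dst": "update.example.invalid", "user": "steve",
     "proto": "http", "signal": "download_from_suspicious_tld"},
    {"src": "10.7.1.25", "dst": "MUM017", "user": "steve", "proto": "smb"},
    {"src": "10.7.1.25", "dst": "MUM010", "user": "steve", "proto": "smb"},
    {"src": "10.7.1.25", "dst": "MUM015", "user": "steve", "proto": "smb"},
    {"src": "10.7.1.25", "dst": "MUM011", "user": "steve", "proto": "smb"},
    # Unrelated activity that must not be swept into the incident.
    {"src": "10.7.1.30", "dst": "MUM030", "user": "alice", "proto": "smb"},
]


def build_graph(events: Iterable[dict]) -> Dict[str, Set[str]]:
    """Directed graph: src -> set of destinations it talked to."""
    graph: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        graph[e["src"]].add(e["dst"])
    return graph


def reachable_from(graph: Dict[str, Set[str]], seed: str) -> Set[str]:
    """Breadth-first walk: every node the seed can reach, excluding the seed."""
    seen: Set[str] = set()
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in seen and nxt != seed:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def user_fanout(events: Iterable[dict], hosts: Set[str]) -> Dict[str, Set[str]]:
    """Distinct destinations per user, counting only activity from the given hosts."""
    fanout: Dict[str, Set[str]] = defaultdict(set)
    for e in events:
        if e["user"] and e["src"] in hosts:
            fanout[e["user"]].add(e["dst"])
    return fanout


def triage(events: List[dict], attacker: str, fanout_threshold: int = 3) -> dict:
    """Reproduce the walkthrough's colouring: red attacker, yellow compromised
    hosts, their neighbours, and users spreading across too many systems."""
    graph = build_graph(events)
    footprint = reachable_from(graph, attacker)
    # A host is 'compromised' when it sits on the attacker's path AND raised a signal.
    signalled = {e["src"] for e in events if e.get("signal")}
    compromised = signalled & footprint
    connected: Set[str] = set()
    for host in compromised:
        connected |= graph.get(host, set())
    connected -= compromised | {attacker}
    # Only accounts operating from hosts on the attacker's footprint are candidates.
    suspect_users = {
        user for user, dsts in user_fanout(events, footprint).items()
        if len(dsts) >= fanout_threshold
    }
    return {
        "attacker": attacker,            # RED
        "compromised": compromised,      # YELLOW: isolate from the network
        "connected": connected,          # clean-up candidates
        "suspect_users": suspect_users,  # RED: suspend the account
    }


if __name__ == "__main__":
    result = triage(EVENTS, attacker="198.15.1.10")
    for key, value in result.items():
        print(f"{key}: {value}")
```

The two containment actions the page names fall straight out of the result: `compromised` is what to isolate, `suspect_users` is what to suspend, and `connected` is the clean-up list. Restricting the fan-out count to hosts on the attacker's footprint is what keeps the unrelated `alice` activity out of the incident.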

DNIF and Automation

DNIF Dashboards

Summary


The “Open” Big Data Analytics platform that offers solutions to the world’s most challenging cyber security problems with real-time data analytics.
