How to filter predefined attacks and display predefined-attacks-group using CLI

This article explains how to use a hidden command to filter pre-defined attack objects and display the predefined-attacks-group, using the command line interface (CLI).

There is no command to filter pre-defined attacks or to display the predefined-attacks-group in SRX. The only way to filter attacks is to use NSM or Junos Space, or parse the Signature file in /var/db/idpd/sec-download/SignatureUpdate.xml.

There is a hidden command to filter predefined-attacks based on category and direction.

Example 1 – Filtered with category VIRUS and direction any.

Example 2 – Filtered only with category VIRUS.

Likewise, predefined-attack-group can be shown below, but there is no good way to display members of the group.

Example 3 – Filtered with category VIRUS on predefined-attack-groups

Note: This hidden command is not supported by JTAC and the above output is collected in Signature version 2358.

More information about predefined-attack-groups can be found in the Junos OS CLI Reference.

About the author

Prasanna

Leave a Comment