How to filter predefined attacks and display predefined-attacks-group using CLI

March 20, 2020 by Marques Brownlee

This article explains how to use a hidden command to filter pre-defined attack objects and display the predefined-attacks-group, using the command line interface (CLI).

There is no command to filter pre-defined attacks or to display the predefined-attacks-group on the SRX. The only way to filter attacks is to use NSM or Junos Space, or to parse the signature file at /var/db/idpd/sec-download/SignatureUpdate.xml.

There is a hidden command to filter predefined-attacks based on category and direction.

Example 1 – Filtered with category VIRUS and direction any.

[email protected]> show security idp predefined-attacks filters category VIRUS direction any 
IDP predefined-attacks:
VIRUS:SMTP:DOUBLE-EXTENSION

Example 2 – Filtered only with category VIRUS.

[email protected]> show security idp predefined-attacks filters category VIRUS 
IDP predefined-attacks:

VIRUS:BITCOIN-MINER-BOTNET
VIRUS:HERE-YOU-HAVE
VIRUS:POP3:EICAR-ATTACHMENT
VIRUS:POP3:NIMDA
VIRUS:POP3:SOBER-K
VIRUS:POP3:UUENCODED-DOT-VBS
VIRUS:SMTP:DOUBLE-EXTENSION
VIRUS:SMTP:EICAR-ATTACHMENT
VIRUS:SMTP:EXE-ATTACH-1
VIRUS:SMTP:EXE-IN-ZIP
VIRUS:SMTP:LOCALHOST-HELO
VIRUS:SMTP:NIMDA
VIRUS:SMTP:UUENCODED-DOT-VBS
VIRUS:SMTP:ZONEALARM-EXE

Likewise, predefined-attack-groups can be listed as shown below, but there is no good way to display the members of a group.

Example 3 – Filtered with category VIRUS on predefined-attack-groups

[email protected]> show security idp predefined-attack-groups filters category VIRUS 
IDP predefined-attack groups:

"VIRUS"
"VIRUS - All"
"VIRUS - Critical"
"VIRUS - Info"
"VIRUS - Major"
"VIRUS - Minor"
"VIRUS - Warning"

Note: This hidden command is not supported by JTAC, and the above output was collected with signature version 2358.

[email protected]> show security idp security-package-version 
Attack database version:2358(Mon Mar 31 23:30:19 2014 UTC)
Detector version :12.6.160140207
Policy template version :N/A

More information about predefined-attack-groups can be found in the Junos OS CLI Reference.
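
The output of these commands can be saved and post-processed off-box. The following Python script is an added example (not from the original article or from Juniper): it parses a captured session of the two hidden commands and groups attack names by their first two colon-separated components. The `user@host>` prompt, the function name `parse_capture`, and the reading of the second component as a service are assumptions.

```python
import re
from collections import defaultdict

# Constructed capture: a few lines of the article's Example 2 and 3 output.
# The "user@host>" prompt is a placeholder, not taken from the page.
CAPTURE = '''\
user@host> show security idp predefined-attacks filters category VIRUS
IDP predefined-attacks:

VIRUS:BITCOIN-MINER-BOTNET
VIRUS:POP3:NIMDA
VIRUS:SMTP:DOUBLE-EXTENSION
VIRUS:SMTP:NIMDA
user@host> show security idp predefined-attack-groups filters category VIRUS
IDP predefined-attack groups:

"VIRUS"
"VIRUS - Critical"
'''

CMD = re.compile(r"show security idp (predefined-attacks|predefined-attack-groups) filters")
ATTACK = re.compile(r"^[A-Z0-9_.-]+(:[A-Za-z0-9_.-]+)+$")

def parse_capture(text):
    """Return (attacks_by_service, groups) from a saved CLI session."""
    attacks, groups, mode = defaultdict(list), [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = CMD.search(line)
        if m:                       # a prompt line switches the section
            mode = m.group(1)
        elif not line or line.startswith("IDP predefined-"):
            continue                # blank line or section header
        elif mode == "predefined-attacks" and ATTACK.match(line):
            parts = line.split(":")
            # CATEGORY:SERVICE:NAME, or CATEGORY:NAME with no service part
            # (reading the middle component as a service is an assumption)
            service = parts[1] if len(parts) > 2 else "(none)"
            attacks[(parts[0], service)].append(line)
        elif mode == "predefined-attack-groups" and line.startswith('"'):
            groups.append(line.strip('"'))
    return dict(attacks), groups

if __name__ == "__main__":
    by_service, groups = parse_capture(CAPTURE)
    for (category, service), names in sorted(by_service.items()):
        print(f"{category}/{service}: {len(names)} attack(s)")
    print("groups:", ", ".join(groups))
```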
