This article explains how to use a hidden command to filter pre-defined attack objects and display the predefined-attacks-group, using the command line interface (CLI).
There is no command to filter pre-defined attacks or to display the predefined-attacks-group on SRX. The only way to filter attacks is to use NSM or Junos Space, or to parse the signature file at /var/db/idpd/sec-download/SignatureUpdate.xml.
However, there is a hidden command that filters predefined attacks based on category and direction.
Example 1 – Filtered with category VIRUS and direction any.
[email protected]> show security idp predefined-attacks filters category VIRUS direction any
IDP predefined-attacks:
VIRUS:SMTP:DOUBLE-EXTENSION
Example 2 – Filtered only with category VIRUS.
[email protected]> show security idp predefined-attacks filters category VIRUS
IDP predefined-attacks:
VIRUS:BITCOIN-MINER-BOTNET
VIRUS:HERE-YOU-HAVE
VIRUS:POP3:EICAR-ATTACHMENT
VIRUS:POP3:NIMDA
VIRUS:POP3:SOBER-K
VIRUS:POP3:UUENCODED-DOT-VBS
VIRUS:SMTP:DOUBLE-EXTENSION
VIRUS:SMTP:EICAR-ATTACHMENT
VIRUS:SMTP:EXE-ATTACH-1
VIRUS:SMTP:EXE-IN-ZIP
VIRUS:SMTP:LOCALHOST-HELO
VIRUS:SMTP:NIMDA
VIRUS:SMTP:UUENCODED-DOT-VBS
VIRUS:SMTP:ZONEALARM-EXE
Likewise, predefined attack groups can be listed as shown below, but there is no good way to display the members of a group.
Example 3 – Filtered with category VIRUS on predefined-attack-groups.
[email protected]> show security idp predefined-attack-groups filters category VIRUS
IDP predefined-attack groups:
"VIRUS"
"VIRUS - All"
"VIRUS - Critical"
"VIRUS - Info"
"VIRUS - Major"
"VIRUS - Minor"
"VIRUS - Warning"
Note: This hidden command is not supported by JTAC, and the above output was collected with signature version 2358.
[email protected]> show security idp security-package-version
Attack database version:2358(Mon Mar 31 23:30:19 2014 UTC)
Detector version :12.6.160140207
Policy template version :N/A
More information about predefined-attack-groups can be found in the Junos OS CLI Reference.
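Because the hidden command filters only on category and direction, further breakdown has to happen off-box. The following is an added example, not part of the original article or of Junos: it parses output saved from Examples 2 and 3 and groups the attacks by the middle component of their names. The function names and the label "sub-category" for that middle component are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input: the output of Examples 2 and 3 as saved from a CLI session.
ATTACKS = """IDP predefined-attacks:
VIRUS:BITCOIN-MINER-BOTNET VIRUS:HERE-YOU-HAVE VIRUS:POP3:EICAR-ATTACHMENT
VIRUS:POP3:NIMDA VIRUS:POP3:SOBER-K VIRUS:POP3:UUENCODED-DOT-VBS
VIRUS:SMTP:DOUBLE-EXTENSION VIRUS:SMTP:EICAR-ATTACHMENT VIRUS:SMTP:EXE-ATTACH-1
VIRUS:SMTP:EXE-IN-ZIP VIRUS:SMTP:LOCALHOST-HELO VIRUS:SMTP:NIMDA
VIRUS:SMTP:UUENCODED-DOT-VBS VIRUS:SMTP:ZONEALARM-EXE"""
GROUPS = ('IDP predefined-attack groups: "VIRUS" "VIRUS - All" "VIRUS - Critical" '
          '"VIRUS - Info" "VIRUS - Major" "VIRUS - Minor" "VIRUS - Warning"')

HEADER = re.compile(r"IDP predefined-attack(?:s| groups):")

def parse_names(cli_output):
    """Return the names after the output header, one per line or flattened."""
    match = HEADER.search(cli_output)
    if match is None:
        raise ValueError("no 'IDP predefined-attack...' header in input")
    body = cli_output[match.end():]
    if '"' in body:  # group names contain spaces, so take them from their quotes
        return re.findall(r'"([^"]+)"', body)
    return body.split()

def by_subcategory(attack_names):
    """Group CATEGORY[:SUB]:NAME attacks by (category, sub); sub is None if absent."""
    grouped = defaultdict(list)
    for full in attack_names:
        parts = full.split(":")
        category, short = parts[0], parts[-1]
        sub = ":".join(parts[1:-1]) or None
        grouped[(category, sub)].append(short)
    return dict(grouped)

def shared_names(grouped):
    """Short names present under more than one sub-category (e.g. POP3 and SMTP)."""
    seen = defaultdict(set)
    for (_, sub), shorts in grouped.items():
        for short in shorts:
            seen[short].add(sub)
    return sorted(name for name, subs in seen.items() if len(subs) > 1)

if __name__ == "__main__":
    grouped = by_subcategory(parse_names(ATTACKS))
    for (category, sub), shorts in sorted(grouped.items(), key=str):
        print(f"{category}/{sub or '-'}: {len(shorts)}")
    print("in several sub-categories:", shared_names(grouped))
    print("groups:", parse_names(GROUPS))
```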