[JATP] What happens when we allowlist a detection? What about when JATP adds something to content allowlist?

Article ID: TN320 TECHNOTES Last Updated: 31 Dec 2020 Version: 2.0
Description:

Adding a download or a CnC detection to the local allowlist simply hides that detection from the web UI and suppresses its alerts. This is because the detection may indeed be valid (a true positive), but the customer decides to remove it for policy reasons.

 

When the JATP Threat Research team allowlists a file hash or a URL, they also completely remove the detection from the system. These entries are actual false positives, so past events should also be removed.

A certificate allowlist only affects future events (system limitation).

Keywords:
allowlist
Source:
JTAC