I configured a threat policy on the SRX working with SkyATP, and I'm confused about each verdict threshold value in the configuration:
set services security-intelligence profile policyATP_CC category CC
set services security-intelligence profile policyATP_CC rule Rule-1 match threat-level 1
set services security-intelligence profile policyATP_CC rule Rule-1 match threat-level 2
set services security-intelligence profile policyATP_CC rule Rule-1 match threat-level 3
set services security-intelligence profile policyATP_CC rule Rule-1 match threat-level 4
set services security-intelligence profile policyATP_CC rule Rule-1 then action permit
set services security-intelligence profile policyATP_CC rule Rule-1 then log
set services security-intelligence profile policyATP_CC rule Rule-2 match threat-level 5
set services security-intelligence profile policyATP_CC rule Rule-2 match threat-level 6
set services security-intelligence profile policyATP_CC rule Rule-2 match threat-level 7
set services security-intelligence profile policyATP_CC rule Rule-2 then action permit
set services security-intelligence profile policyATP_CC rule Rule-2 then log
set services security-intelligence profile policyATP_CC rule Rule-3 match threat-level 8
set services security-intelligence profile policyATP_CC rule Rule-3 match threat-level 9
set services security-intelligence profile policyATP_CC rule Rule-3 match threat-level 10
set services security-intelligence profile policyATP_CC rule Rule-3 then action block drop
set services security-intelligence profile policyATP_CC rule Rule-3 then log
set services security-intelligence profile policyATP_Infected-Hosts category Infected-Hosts
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 1
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 2
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 3
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 4
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 5
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 6
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 then action permit
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 then log
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 match threat-level 7
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 match threat-level 8
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 match threat-level 9
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 match threat-level 10
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 then action block drop
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 then log
set services security-intelligence policy policyATP CC policyATP_CC
set services security-intelligence policy policyATP Infected-Hosts policyATP_Infected-Hosts
set services advanced-anti-malware policy policyATP verdict-threshold 7
As I understand it, the threshold value on C&C is the verdict returned from SkyATP. What about the other values, i.e. Infected-Hosts and the global one (in the services advanced-anti-malware hierarchy)?
When I test by pinging a C&C server, the threshold of the C&C IP is 6 but the client threshold is 2.
Likewise, when I test by downloading the EICAR malicious test file, the threshold of the malicious file is 10 but the client threshold is 8.
Please explain this to me.
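Added example, not part of the question above and not Juniper code: a small Python script that parses the profile and verdict-threshold lines quoted in the post and works out which rule a given threat level lands on, so you can see what the profile does with the levels mentioned (C&C level 6, Infected-Hosts level 8, file verdict 10). The embedded configuration is a copy of the posted set commands; the parser, the rule names and the helper functions are my own. It assumes rules are evaluated in configuration order and that a file verdict at or above verdict-threshold is treated as malware by the advanced-anti-malware policy; a level no rule matches returns None, since the posted profiles define no default-rule.

```python
from dataclasses import dataclass, field

# Copy of the profile and verdict-threshold set commands from the post,
# embedded so the script runs offline (constructed input, same rules).
POSTED_CONFIG = """\
set services security-intelligence profile policyATP_CC category CC
set services security-intelligence profile policyATP_CC rule Rule-1 match threat-level 1
set services security-intelligence profile policyATP_CC rule Rule-1 match threat-level 2
set services security-intelligence profile policyATP_CC rule Rule-1 match threat-level 3
set services security-intelligence profile policyATP_CC rule Rule-1 match threat-level 4
set services security-intelligence profile policyATP_CC rule Rule-1 then action permit
set services security-intelligence profile policyATP_CC rule Rule-1 then log
set services security-intelligence profile policyATP_CC rule Rule-2 match threat-level 5
set services security-intelligence profile policyATP_CC rule Rule-2 match threat-level 6
set services security-intelligence profile policyATP_CC rule Rule-2 match threat-level 7
set services security-intelligence profile policyATP_CC rule Rule-2 then action permit
set services security-intelligence profile policyATP_CC rule Rule-2 then log
set services security-intelligence profile policyATP_CC rule Rule-3 match threat-level 8
set services security-intelligence profile policyATP_CC rule Rule-3 match threat-level 9
set services security-intelligence profile policyATP_CC rule Rule-3 match threat-level 10
set services security-intelligence profile policyATP_CC rule Rule-3 then action block drop
set services security-intelligence profile policyATP_CC rule Rule-3 then log
set services security-intelligence profile policyATP_Infected-Hosts category Infected-Hosts
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 1
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 2
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 3
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 4
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 5
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 match threat-level 6
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 then action permit
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-1 then log
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 match threat-level 7
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 match threat-level 8
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 match threat-level 9
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 match threat-level 10
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 then action block drop
set services security-intelligence profile policyATP_Infected-Hosts rule Rule-2 then log
set services advanced-anti-malware policy policyATP verdict-threshold 7
"""


@dataclass
class Rule:
    name: str
    levels: set = field(default_factory=set)  # threat levels the rule matches
    action: str = ""                           # text after "then action"
    log: bool = False


def parse_config(config):
    """Return (profiles, thresholds): profiles maps profile name to
    {"category": str, "rules": {rule name: Rule}} in configuration order;
    thresholds maps advanced-anti-malware policy name to verdict-threshold."""
    profiles, thresholds = {}, {}
    for line in config.strip().splitlines():
        tok = line.split()
        if tok[:4] == ["set", "services", "security-intelligence", "profile"]:
            prof = profiles.setdefault(tok[4], {"category": None, "rules": {}})
            if tok[5] == "category":
                prof["category"] = tok[6]
            elif tok[5] == "rule":
                rule = prof["rules"].setdefault(tok[6], Rule(tok[6]))
                rest = tok[7:]
                if rest[:2] == ["match", "threat-level"]:
                    rule.levels.add(int(rest[2]))
                elif rest[:2] == ["then", "action"]:
                    rule.action = " ".join(rest[2:])
                elif rest == ["then", "log"]:
                    rule.log = True
        elif (tok[:4] == ["set", "services", "advanced-anti-malware", "policy"]
              and tok[5] == "verdict-threshold"):
            thresholds[tok[4]] = int(tok[6])
    return profiles, thresholds


def evaluate(profile, threat_level):
    """(rule name, action, log) of the first rule whose threat-level list
    contains the level carried by the feed entry; None if no rule covers it."""
    for rule in profile["rules"].values():
        if threat_level in rule.levels:
            return rule.name, rule.action, rule.log
    return None


def uncovered_levels(profile):
    """Threat levels 1..10 that no rule in the profile matches: entries at
    those levels would hit no rule, which is the gap worth checking for."""
    covered = set().union(*(r.levels for r in profile["rules"].values()))
    return set(range(1, 11)) - covered


def aam_verdict_is_malicious(verdict, threshold):
    """Assumed semantics of verdict-threshold: a file verdict at or above
    the threshold is treated as malware and gets the policy's action."""
    return verdict >= threshold


if __name__ == "__main__":
    profiles, thresholds = parse_config(POSTED_CONFIG)
    for name, prof in profiles.items():
        print(name, [(lvl, evaluate(prof, lvl)) for lvl in (2, 6, 8, 10)])
        print(name, "uncovered levels:", uncovered_levels(prof))
    t = thresholds["policyATP"]
    print("file verdict 10 malicious at threshold", t, aam_verdict_is_malicious(10, t))
```

Running it on the posted profile shows a C&C entry at level 6 landing on policyATP_CC Rule-2 (permit and log), which is why the ping goes through, and a file verdict of 10 being at or above the threshold of 7.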