Add AI security improvements with feedback learning

Initial commit
2025-09-05 00:25:04 +00:00 · 2025-09-04 21:38:13 +00:00
3 changed files with 11 additions and 25 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,2 @@
 # SRX AI Configuration Repository
 AI-generated network configurations for Juniper SRX
--- a/ai-suggestions/suggestion-20250905-033300.conf
+++ b/ai-suggestions/suggestion-20250905-033300.conf
@@ -1,25 +0,0 @@
 # AI-Generated SRX Configuration
 # Generated: 2025-09-05T03:33:00.426249
 # Analysis Period: Last 7 days
 {'config': 'set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24', 'reason': 'AI-generated optimization'}
 {'config': 'set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8', 'reason': 'AI-generated optimization'}
 {'config': 'set security address-book global address-set DMZ-NETS address 10.0.0.0/8', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen ids-option WAN-screen icmp flood threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security zones security-zone WAN screen WAN-screen', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map INTERNAL-NETS to APP-IDENTITY', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map INTERNAL-NETS app-identity junos-https', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map INTERNAL-NETS app-identity junos-ssh', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen to THREAT-DETECTION', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen threat-detection source-INTERNAL-NETS -> sid-200', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen threat-detection source-INTERNAL-NETS -> sid-300', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen to ANOMaly-DETECTION', 'reason': 'AI-generated optimization'}
 {'config': 'set security policy-map WAN-screen anomaly-detection source-INTERNAL-NETS -> sid-400', 'reason': 'AI-generated optimization'}
 {'config': 'set security rate-limit input interface ge-0/0/1.0.0.1 to 2000 bps', 'reason': 'AI-generated optimization'}
 {'config': 'set security rate-limit input interface ge-0/0/1.1.1.1 to 500 bps', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen for WAN-screen', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen icmp-flood-threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen udp-flood-threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen tcp-syn-flood-threshold 20', 'reason': 'AI-generated optimization'}
 {'config': 'set security screen DDoS-protection-screen port-scan-detection enable', 'reason': 'AI-generated optimization'}
--- a/ai_suggestions.conf
+++ b/ai_suggestions.conf
@@ -0,0 +1,9 @@
 # MANDATORY: Address-set definitions
 set security address-book global address-set INTERNAL-NETS address 192.168.100.0/24
 set security address-book global address-set EXTERNAL-NETS address 0.0.0.0/8
 set security address-book global address-set DMZ-NETS address 10.0.0.0/8
 # DDoS Protection - Fixed thresholds (no XML!)
 set security screen ids-option WAN-screen icmp flood threshold 20
 set security screen ids-option WAN-screen tcp syn-flood attack-threshold 20
 set security zones security-zone WAN screen WAN-screen
Author	SHA1	Message	Date
netops	9b03b78da3	Add AI security improvements with feedback learning	2025-09-05 00:25:04 +00:00
netops	c05ce2eb26	Initial commit	2025-09-04 21:38:13 +00:00
		`@@ -0,0 +1,2 @@`
							`# SRX AI Configuration Repository`
							`AI-generated network configurations for Juniper SRX`