Count of Attackers on Juniper Devices

The following Splunk search query counts potential “attacks” by source IP. Further investigation is needed to determine whether the counted events are actual attacks.

sourcetype = "juniper:idp" attack* | stats count by src_ip

Credit given to bbosearch.
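
To support the follow-up investigation mentioned above, the same search can be extended to show when each source was first and last seen and how many devices reported it. This is an added example, not part of the original post or the credited query; it relies only on `src_ip` from the search above and Splunk's default `_time` and `host` fields, and the output field names are chosen here for illustration.

```spl
sourcetype="juniper:idp" attack*
| stats count AS events,
        min(_time) AS first_seen,
        max(_time) AS last_seen,
        dc(host) AS reporting_devices
        by src_ip
| eval active_minutes = round((last_seen - first_seen) / 60, 1)
| convert ctime(first_seen) ctime(last_seen)
| sort - events
```

A source with many events packed into a short active window, or one reported by several devices, is usually the first to review against the raw events.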
