topic Re: Is there a way to see recipient and sender forensic data in Content Awarness blade logs? in Firewall and Security Management

Is there a way to see recipient and sender forensic data in Content Awarness blade logs?

Evren_Buyer — Thu, 23 Jan 2025 13:31:31 GMT

Hi everyone,

I've just enabled Content Awarness blade and it's a very useful blade to see what files are being transferred inbound and outbound in company e-mail system.

When I started to search and analyze the logs, I became aware that there is no forensic e-mail data like most important sender,and recipient fields... Without sender and recipient information in an e-mail security log file it's useless, cause it's like a FW log without source and destination.

As a matter of course, I asked this feature to local CP Tukey support and they escalated my question to CP Global. The answer is below which never satisfies me:

Hello [name redacted]

Here you are our develepor replay for your Issue

-You will only see sender and received when the Email is destined to the Check Point MTA.
-MTA supports TE. AV and Anti-Spam.
-Content awareness will not work with MTA and the Emails are processed in streaming mode (smtp). Therefore the logs will not show sender and receiver details

Regards,

Medhat Girgis – Technical Support Engineer

As a customer I'm willing the to have forensic e-mail security related data fields in SmartLog and also willing to have e-mail related syntax (like receipt, sender, subject etc) for Threat Emulation, Threat Extraction,Anti-Spam & E-Mail Security, Content Awareness blades and features.

Thanks

Evren Buyer

‌ ‌ ‌ ‌ threat extraction ‌

Re: Is there a way to see recipient and sender forensic data in Content Awarness blade logs?

PhoneBoy — Mon, 30 Apr 2018 21:35:59 GMT

I know in general we are looking to improve our MTA support.

There are some MTA features mentioned here: Check Point R80.20 Production and Public EA‌

Question: if the MTA supported Content Awareness, would you use it?

Or do you just want Content Awareness (or some other blade) to log the SMTP details?

Re: Is there a way to see recipient and sender forensic data in Content Awarness blade logs?

Evren_Buyer — Wed, 02 May 2018 06:21:43 GMT

Hi Dameon,

My answer is gonna be ABSOLUTELY YES I will use it...

May I be a volunteer for the Production and Public EA? How am I supposed to do that?

Cause like Small business companies one of which I currently work for, they never like to pay so much for Security products, CP has great solutions; I know there are many different security MTAs etc. but CP did well to collect them under one product with different blades. I also use different products like Trend Micros IMSVA solution as a second Security Layer in my mail system, which can be supported with anti-ransomware products...

And also; positioning the CP in the middle of a star-topology like in my environment is the BEST...

I think I love my CP and that's why requesting, demanding more from it...!

Benefits of CP that attracts me to use:

1) Correlated Rule base also correlated logs and management

2) Different layers different security solutions (Mail, application, FW, VPN, IPS etc)

3) Easy to coordinate with other products

4) And the MOST IMPORTANT---> All it's blades work trustfully, fast, constant and stable...

5) Great forensic features in one hand

Evren Buyer

Re: Is there a way to see recipient and sender forensic data in Content Awarness blade logs?

PhoneBoy — Wed, 02 May 2018 17:30:31 GMT

The request to the EA went to the right place.

Re: Is there a way to see recipient and sender forensic data in Content Awarness blade logs?

Evren_Buyer — Thu, 03 May 2018 07:45:34 GMT

But still there is neither an answer nor reply from @EA_support

Re: Is there a way to see recipient and sender forensic data in Content Awarness blade logs?

Bubba_95 — Fri, 24 Sep 2021 08:49:08 GMT

Hi @Evren_Buyer r Did you have the possibility to try Content Awarness on MTA?

@PhoneBoy there are some news in EA about this functionality?

Thanks

Re: Is there a way to see recipient and sender forensic data in Content Awarness blade logs?

PhoneBoy — Fri, 24 Sep 2021 20:10:01 GMT

As far as I know, Content Awareness is still not supported in MTA for the reasons mentioned above.
The EA features related to MTA above were released as part of R80.20 and should be available in later releases.
R80.30 and R80.40 also added additional MTA functionality, mostly Threat Prevention related.