https://community.checkpoint.com/t5/Firewall-and-Security-Management/Auditing-File-Uploads-with-view-to-block-using-Application-Rule/m-p/253778#M49700 <P>Gateway version - R81.20 T99; SMS management - R82, including Log Server and Smart Event.</P><P>We have an audit finding that would like us to "research ways to enhance controls preventing data uploads to unauthorized websites." There's a great Tag called "File Uploads" that we can use in a Block rule, but I want to be able to audit which sites are currently being used in our organization that would fit into the File Uploads category. I want to research which business approved sites would be blocked using this category, so we can create specific accepts above the block rule. We currently block most File Storage and Sharing sites across the organization.</P><P>I've tried searching the logs for category:"File Upload", tags:"File Upload" and cannot find any logs in our log server that match those categories. I thought I could add an Accept Rule for that tag/category in the App Control rulebase, but that may allow users to upload to file storage sites we do not want them to access.</P><P>&nbsp;</P> Wed, 23 Jul 2025 12:43:53 GMT Eric_Knopp 2025-07-23T12:43:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Auditing-File-Uploads-with-view-to-block-using-Application-Rule/m-p/253778#M49700 <P>Gateway version - R81.20 T99; SMS management - R82, including Log Server and Smart Event.</P><P>We have an audit finding that would like us to "research ways to enhance controls preventing data uploads to unauthorized websites." There's a great Tag called "File Uploads" that we can use in a Block rule, but I want to be able to audit which sites are currently being used in our organization that would fit into the File Uploads category. I want to research which business approved sites would be blocked using this category, so we can create specific accepts above the block rule. We currently block most File Storage and Sharing sites across the organization.</P><P>I've tried searching the logs for category:"File Upload", tags:"File Upload" and cannot find any logs in our log server that match those categories. I thought I could add an Accept Rule for that tag/category in the App Control rulebase, but that may allow users to upload to file storage sites we do not want them to access.</P><P>&nbsp;</P> Wed, 23 Jul 2025 12:43:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Auditing-File-Uploads-with-view-to-block-using-Application-Rule/m-p/253778#M49700 Eric_Knopp 2025-07-23T12:43:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Auditing-File-Uploads-with-view-to-block-using-Application-Rule/m-p/253784#M49701 <P>Very interesting question. Let me play around with this in my lab and see how far I get.</P> <P>Andy</P> Wed, 23 Jul 2025 13:18:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Auditing-File-Uploads-with-view-to-block-using-Application-Rule/m-p/253784#M49701 the_rock 2025-07-23T13:18:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Auditing-File-Uploads-with-view-to-block-using-Application-Rule/m-p/253794#M49731 <P>You can see what apps we include as part of File Upload on <A href="https://appwiki.checkpoint.com/appwikisdb/public.htm" target="_self">AppWiki</A>&nbsp;by simply searching for the tag "File Upload" of which there appear to be 250.</P> Wed, 23 Jul 2025 14:23:11 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Auditing-File-Uploads-with-view-to-block-using-Application-Rule/m-p/253794#M49731 PhoneBoy 2025-07-23T14:23:11Z