topic How engineers recognize alerts generated by engineer in Endpoint

How engineers recognize alerts generated by engineer

TSOL — Tue, 17 Aug 2021 08:04:48 GMT

We are trying to introduce Harmony Endpoint on infinity-vision.

How do system administrators know that an incident has occurred?

It is not realistic to see the infinity-vision every hour.

When Anti-Malware Blade detects a threat that it cannot prevent, it has found a way to send an alert email to the system administrator.
However, I couldn't find a way to send an email if an incident was detected on another blade (such as Anti-Ransomware/Threat Emulation/Behavioral Guard).

For example, I think it's most realistic to notify system administrators by email or chat when a high-severity event occurs, but is there such a feature in the infinity-vision of CheckPoint?

Please let me know if you have any other suggestions on how to notify the administrator.

Re: How engineers recognize alerts generated by engineer

PhoneBoy — Thu, 19 Aug 2021 22:47:56 GMT

You should be able to configure the SmartEvent policy to achieve this based on the precise logs and severity you're interested in.
At least you can do this for on-premise SmartEvent.
For Cloud-managed Endpoint, I'm not sure if you can bring up the SmartEvent GUI or not.
The other issue would be that the SMTP server that would be sent through would need to be accessible from the cloud, which presents its own issues.

I recommend opening a TAC case to see what the options are here.

Re: How engineers recognize alerts generated by engineer

MikeB — Fri, 20 Aug 2021 01:59:10 GMT

Although SmartEvent can be configured to generate this type of alerts, it is a somewhat complicated process and not very easy to perform.

I think it would be a very well appreciated RFE for all customers, considering that other solutions do have plenty out of the box alerting options.