https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205058#M8158 <P>this query is works of course, but i cannot see how it is related to my issue <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Thank you.</P><P>&nbsp;</P> Mon, 05 Feb 2024 13:47:42 GMT gm446 2024-02-05T13:47:42Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205037#M8155 <P>Hello Everyone,</P><P>As part of implementing SIEM solution in our organization i got a request from the CISO to log from the endpoint what process generates traffic.<BR />i can see in <A title="sk144192" href="https://support.checkpoint.com/results/sk/sk144192" target="_blank" rel="noopener"><SPAN class=""><SPAN class="">sk144192</SPAN></SPAN> </A>that there is a "process_name" field under "<STRONG>Harmony Endpoint - Common Fields</STRONG>".</P><P>unfortunately, i cannot find this field in actual logs for firewall, TP, Anti-Malware or Anti-Bot blades. is there anything specific i should enable for the client to log this information?</P><P>Best Regards,<BR />Yossi.</P> Mon, 05 Feb 2024 10:36:07 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205037#M8155 gm446 2024-02-05T10:36:07Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205045#M8156 <P>Hey Yossi,</P> <P>Let me check this in the lab later.</P> <P>Best,</P> <P>Andy</P> Mon, 05 Feb 2024 12:07:06 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205045#M8156 the_rock 2024-02-05T12:07:06Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205055#M8157 <P>Sorry, just working on some Azure stuff now, but have you tried below query to see if it yields anything?</P> <P>Andy</P> <P>blade:"Endpoint Compliance"</P> Mon, 05 Feb 2024 13:41:27 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205055#M8157 the_rock 2024-02-05T13:41:27Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205058#M8158 <P>this query is works of course, but i cannot see how it is related to my issue <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>Thank you.</P><P>&nbsp;</P> Mon, 05 Feb 2024 13:47:42 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205058#M8158 gm446 2024-02-05T13:47:42Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205059#M8159 <P>No no, I get that, I was just curious if it worked or not. I will check again in a bit, but you may want to open the support case in the meantime to confirm.</P> <P>Andy</P> Mon, 05 Feb 2024 13:52:13 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205059#M8159 the_rock 2024-02-05T13:52:13Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205093#M8160 <P>process_name refers to the (potentially) malicious process that is being blocked, not the blade that blocked it.<BR />Based on this SK, it would seem we don't log which blade is responsible for the block, though it can be inferred from the other fields included.<BR /><BR /></P> Mon, 05 Feb 2024 21:25:44 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205093#M8160 PhoneBoy 2024-02-05T21:25:44Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205121#M8163 <P>Hi PhoneBoy,</P><P>this is exactly the information i need, the process who is made the traffic and being blocked/allow.</P><P>Best Regards,<BR />Yossi.</P> Tue, 06 Feb 2024 07:58:37 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205121#M8163 gm446 2024-02-06T07:58:37Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205143#M8165 <P>Did you end up opening TAC case to see if you can verify that info, if its possible?</P> <P>Best,</P> <P>Andy</P> Tue, 06 Feb 2024 12:04:42 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205143#M8165 the_rock 2024-02-06T12:04:42Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205214#M8170 <P>The only place it would show...when it is relevant...is in the full log card.<BR />In any case, you may need to consult with TAC here: <A href="https://help.checkpoint.com" target="_blank">https://help.checkpoint.com</A>&nbsp;</P> Tue, 06 Feb 2024 19:16:06 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205214#M8170 PhoneBoy 2024-02-06T19:16:06Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205290#M8178 <P>Thank you all, i opened a ticket and wait for an answer.</P><P>&nbsp;</P> Wed, 07 Feb 2024 11:12:55 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205290#M8178 gm446 2024-02-07T11:12:55Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205297#M8180 <P>Let us know what they say.</P> <P>Best,</P> <P>Andy</P> Wed, 07 Feb 2024 12:22:42 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/205297#M8180 the_rock 2024-02-07T12:22:42Z https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/210336#M8469 <P>After TAC investigation my request is not possible. so we achieve this logs through Sysmon.</P><P>&nbsp;</P> Wed, 03 Apr 2024 10:51:30 GMT https://community.checkpoint.com/t5/Endpoint/process-name-log-field/m-p/210336#M8469 gm446 2024-04-03T10:51:30Z