Christoph
Collaborator

Genai and learning mode question

Hello,

Yesterday I enabled Tech Preview mode to check out a finding and turned it off again afterwards.

Today I discovered a "Genai" rule option in the rule base. Idk if it's related to the enable/disable of the tech preview mode.

The rule builder itself looks the same and I have no idea where to put my natural language (uri regex i.e.?). I cannot find any information about this. Is this documented anywhere?

Second question. I had some SQL injections in a password field yesterday. One of them was a "legit" password matching an SQL injection (partly, mostly a false positive) and two were SQL injections by myself to confirm the previous finding.

Today I got the question, whether these 3 are malicious or benign requests, grouped together. Let's assume the first SQL injection was benign, the later malicious.
What should I answer, as I cannot split them up or should I not answer at all?
What are the consequences of flagging a malicious request as benign, in the short/medium/long term for the MLM?

Cheers

Christoph
5 Replies
_Val_
Admin

Christoph
Collaborator

Hello Val,

I actually did.
"Genai Protect" in the Harmony SaaS Administration Guide, as a preventive measure to regulate the usage of AI in the corporate environment, is more or less a DLP solution.

"Genai protection" in the CloudGuard WAF says to define a custom rule in natural language and presents the standard rule options.

The CloudGuard WAF documentation does not list the Genai protection as of now. Only the following options are available:

Documentation Overview | CloudGuard WAF

  • Accept - Traffic matching the exception's conditions will be accepted.

  • Drop - Traffic matching the exception's conditions will be blocked.

  • Skip - Relevant only for specific keys like "Parameter Name", "Parameter Value" and "Indicator". Allows skipping the value of the matching parameter from being inspected by the CloudGuard WAF engines. The rest of the traffic will be inspected for malicious behavior. Skip action is not supported with Scheme Validation.

  • Suppress Log - Traffic matching the exception's condition will not activate their Log Trigger object/s upon event.

_Val_
Admin

What about the link I provided you with?

Christoph
Collaborator

I cannot find any information related to the Web Application Firewall in your link.

_Val_
Admin

Gotcha. Let me see what I can dig out
