Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Chrischevy
Explorer
Jump to solution

Login from another country does not trigger anomaly alert

We are migrating our customers from Sonicwall Cloud App Security to Check Point Harmony Email & Collaboration. Sonicwall Cloud App Security is basically an older version of Harmony Email & Collaboration.

With Sonicwall, when a user logged in from another country (during a trip for example), we would receive an alert immediatly. With Check Point, there are no alerts and the logins are all detected as legitimate. The options to customize the Anomaly Detection are pretty limited so there is not much we can change, beside the "Impossible Travel Anomaly".

Shouldn't a login from a new country generate an anomaly alert ?

Thank you for your help

0 Kudos
1 Solution

Accepted Solutions
Chrischevy
Explorer

Thanks for the reply.

I was able to fix the issue by choosing "Alert admins" under "Suspected compromised accounts workflow". 

View solution in original post

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee

Reviewing the admin guide there should be "First time in new country" & "impossible travel" anomalies amongst others.

From an O365 perspective is the the first login for this user from that country or have they in fact travelled there before?

Within HEC how is the "suspected compromised account workflow" currently set?

 

CCSM R77/R80/ELITE
0 Kudos
Chrischevy
Explorer

Thanks for the reply.

I was able to fix the issue by choosing "Alert admins" under "Suspected compromised accounts workflow". 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events