This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TSOL
Advisor
‎2021-08-17 01:04 AM
Jump to solution

How engineers recognize alerts generated by engineer

We are trying to introduce Harmony Endpoint on infinity-vision.

How do system administrators know that an incident has occurred?

 

It is not realistic to see the infinity-vision every hour.

When Anti-Malware Blade detects a threat that it cannot prevent, it has found a way to send an alert email to the system administrator.
However, I couldn't find a way to send an email if an incident was detected on another blade (such as Anti-Ransomware/Threat Emulation/Behavioral Guard).

For example, I think it's most realistic to notify system administrators by email or chat when a high-severity event occurs, but is there such a feature in the infinity-vision of CheckPoint?

Please let me know if you have any other suggestions on how to notify the administrator.

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-08-19 03:47 PM
Jump to solution

You should be able to configure the SmartEvent policy to achieve this based on the precise logs and severity you're interested in.
At least you can do this for on-premise SmartEvent.
For Cloud-managed Endpoint, I'm not sure if you can bring up the SmartEvent GUI or not.
The other issue would be that the SMTP server that would be sent through would need to be accessible from the cloud, which presents its own issues.

I recommend opening a TAC case to see what the options are here.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2021-08-19 03:47 PM
Jump to solution

You should be able to configure the SmartEvent policy to achieve this based on the precise logs and severity you're interested in.
At least you can do this for on-premise SmartEvent.
For Cloud-managed Endpoint, I'm not sure if you can bring up the SmartEvent GUI or not.
The other issue would be that the SMTP server that would be sent through would need to be accessible from the cloud, which presents its own issues.

I recommend opening a TAC case to see what the options are here.

0 Kudos
MikeB
Advisor
‎2021-08-19 06:59 PM
In response to PhoneBoy
Jump to solution

Although SmartEvent can be configured to generate this type of alerts, it is a somewhat complicated process and not very easy to perform.

I think it would be a very well appreciated RFE for all customers, considering that other solutions do have plenty out of the box alerting options.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top