How engineers recognize alerts generated by engineer
We are trying to introduce Harmony Endpoint on infinity-vision.
How do system administrators know that an incident has occurred?
It is not realistic to see the infinity-vision every hour.
When Anti-Malware Blade detects a threat that it cannot prevent, it has found a way to send an alert email to the system administrator.
However, I couldn't find a way to send an email if an incident was detected on another blade (such as Anti-Ransomware/Threat Emulation/Behavioral Guard).
For example, I think it's most realistic to notify system administrators by email or chat when a high-severity event occurs, but is there such a feature in the infinity-vision of CheckPoint?
Please let me know if you have any other suggestions on how to notify the administrator.
Accepted Solutions
You should be able to configure the SmartEvent policy to achieve this based on the precise logs and severity you're interested in.
At least you can do this for on-premise SmartEvent.
For Cloud-managed Endpoint, I'm not sure if you can bring up the SmartEvent GUI or not.
The other issue would be that the SMTP server that would be sent through would need to be accessible from the cloud, which presents its own issues.
I recommend opening a TAC case to see what the options are here.
Although SmartEvent can be configured to generate this type of alert, it is a somewhat complicated process and not very easy to perform.
I think it would be a very well appreciated RFE for all customers, considering that other solutions do have plenty of out-of-the-box alerting options.
