Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Thanh_Tung
Participant

View emulation report for SBA with private cloud

Hi everyone,

I have this scenario:

- 1 TEX appliance managed by a SMC R77.30.

- 1 EPM R77.30.03 that managed SBA.

- SBA is configured to send file to TEX for TE and TX.

The emulation is fine but I can only view the forensic report on Endpoint and unable to view the TE report on EPM or SMC. It shows that "cannot be opened" when I click to open summary report.

I was doing some reseach on KB but no luck. Any help will be highly appreciated! Thank you.

11 Replies
PhoneBoy
Admin
Admin

Are you using the new Threat Emulation reports?

These should open in a web browser.

New Threat Emulation reports 

0 Kudos
Thanh_Tung
Participant

Yes, I tried to change TE report to version 1 but the issue still exist.
I'm unable to open the TE report on client:

Also tried to open the report directly in Program Data > Check Point > Endpoint Security > Threat Emulation > Reports and cannot open it as well. If i copy the file to desktop, i can open the report but the emulation screenshots is missing and the version is 1 no matter what the configured version is.

0 Kudos
PhoneBoy
Admin
Admin

I'm going to suggest opening a TAC case if you haven't already.

Thanh_Tung
Participant

Thank you. I opened the TAC case. I will update the solution here once i got it from TAC.

0 Kudos
Thomas_Werner
Employee Alumnus
Employee Alumnus

Here is a compatibility matrix of SBA and SmartEvent:

Version

SBA TE Report

SBA Forensic Report

SmartLog R77.30.02 or higher

Yes

Yes

R77.30 SmartEvent

No

No

R77.30 NGSE with special HF

No

Yes

R80.10 SmartEvent

Latest take

 Yes

Yes 

R80.20 SmartEvent

Yes

Yes

From the screenshot you provided it looks like you try to open the reports from SmartEvent R77.30 which is not supported. But you can open them in R77.30 Smartlog. Or use one of the supported SmartEvent versions.

Regards Thomas

PS: I also created this document:

https://community.checkpoint.com/docs/DOC-2996-sandblast-agent-and-supported-smartevent-versions-for... 

Thanh_Tung
Participant

Hi Thomas,

Thank you for your information. Where i can find the SBA Forensic report in EPM's Smartview Tracker, i only see the log for SBA TE report in Tracker and cannot open it as well (SmartLog enabled on EPM).
Attached the screenshot.

0 Kudos
Thomas_Werner
Employee Alumnus
Employee Alumnus

Hi Thanh,

do you get the same error when trying this via SmartLog ?

Regards Thomas

0 Kudos
Thanh_Tung
Participant

Hi Thomas,

Yes same error in EPM SmartLog.

I also got the information from TAC that the TE report will available in EPM first, not in SMC that managed TE appliance which make me really confused.

Best Regards,

Thanh Tung

0 Kudos
Thomas_Werner
Employee Alumnus
Employee Alumnus

Hi Thanh,

where are your logservers configured ?

One on the EPM and one on the SMC ?

So the flow is

SBA -> sending file to TE appliance -> getting back result -> SBA sending log to its logserver

So SBA is creating the TE and Forensic log by sending them to its logserver.

Regards Thomas 

0 Kudos
Thanh_Tung
Participant

Hi Thomas,
Yes, TE appliance send log to SMC and SBA send log to EPM.
I think this issue will be fixed in R80.20 which unify SMC and EPM for SBA. So i think i will give it a try.
Best Regards,
Thanh Tung

Thomas_Werner
Employee Alumnus
Employee Alumnus

Hi Thanh,

even with distributed setup you should have the ability to get the reports from Smartlog (not SmartEvent).

If not please open a case with our support.

In R80.20 (currently release at M1 - management only) endpoints and gateways can be managed from the same management and also can log to the same logserver.

Also reporting is unified.

Regards Thomas

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events