This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
RafaelSantiago
Explorer
‎2024-09-16 07:25 AM

Mismatch in Infinity Portal's Infinity Event logs

Hello everyone, I'm encountering a peculiar situation on Infinity Portal's Infinity Events tab.

Q1:

As you can see in the picture, I have selected a random day of security event logs to inspect. On the time range 9/9/2024 12:00 AM to 9/9/2024 01:00 AM (*Fixed typo that previously said "9/9/2024 12:00 AM to 9/10/2024 01:00 AM it says it has around 5 million logs" *) it says it has around 5 million logs. 

logs in a day.png

However, if I click on the first column, that represents the logs in that day, from 12:00 AM to 01:00 AM, I get this:

logs in an hour.png

The statistics graph shows columns that represent 5 minute intervals, but adding up the numbers in all columns, I get around 33K logs in that hour, nowhere near 5 million. This behaviour is consistent, independently of the day or hour I select. 

Q1: Is this some kind of visual bug, or am I interpreting these results in the wrong way? 

 

Q2: 

On another note, its visible on the previous photos that all logs are relative to the Product Family Quantum and Cloud Service Quantum Smart-1 Cloud, which is to be expected with the current deployment.

However, when I go to Quantum Security Management & Smart-1 Cloud - Logs & Events and select Logs and the same time range I see this:

logs in day on security management.png

Now there's around 223K logs in that hour as opposed to the 5 million in the Infinity Events. As per my understanding the logs should be the same, but even in the scenario where the 5 million was a visual bug, it still wouldn't make sense because for the time period 9/9/2024 12:00 AM to 9/10/2024 01:00 AM, in the Security Management Logs it says 223K logs and in Infinity Events it says 33K.

I download 10K lines (maximum allowed) of the logs in both the Infinity Events and in Security Management, and after looking at a couple of random lines they seem to contain the same information (unfortunately that doesn't mean much because the 10K lines only contained logs regarding 3 seconds of that whole hour, because of the large amount of logs, so I can't say for sure that the rest of the logs would match)

Q2: If all the logs I have are generated by Quantum Security Management, why are the quantities of logs in Infinity Events and Quantum Security Management different? 

 

 

 

3 Replies
PhoneBoy
Admin
Admin
‎2024-09-16 09:56 AM

"9/9/2024 12:00 AM to 9/10/2024 01:00 AM it says it has around 5 million logs" represents a 25 hour timeframe versus a 1 hour timeframe.
That might explain why these numbers are so far off.

0 Kudos
RafaelSantiago
Explorer
‎2024-09-17 01:29 AM
In response to PhoneBoy

Hi @PhoneBoy , thank you for the reply. It was my mistake. I meant to say "9/9/2024 12:00 AM to 9/9/2024 01:00 AM it says it has around 5 million logs". I fixed it in the post.

The first column on the time frame 9/9/2024 12:00 AM to 9/10/2024 12:00 AM represents the amount of logs from 12:00 AM to 01:00 AM (5 430 578), however when I click said column I get that Statistics graphs, that has around 33K logs.

0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-17 02:17 PM
In response to RafaelSantiago

I wonder if "Logs" are being used where "Correlated Events" may be more appropriate.
If you open an individual log, do you see evidence of that?
There should be a counter inside the log card that reflects this.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Trending Discussions
Events - December New Releases
Upcoming Events

    CheckMates Events