Hi Chris,

I access "http(s)://131.188.40.189" ,  the traffic can be block by Anti-bot (URL Reputation). but ping 131.188.40.189 or telnet 131.188.40.189 25, the traffic goes through.

Can I generate IPs reputation logs on production? I try several times but not luck.

What kind of tests can trigger IPs reputation logs?
Is it possible to create IPs reputation log record via Threatwiki page for demo?

HI Chris

in this example. according to "https://urlcat.checkpoint.com/urlcat/main.htm".

if i enter the ip "131.188.40.189", it will be shown URL Reputation not IP Reputation.

The Anti-bot Protection name (Reputation IP/Reputation URLs / Reputation Domain) confuses me.

As far as I know

1. Reputation IP => xxx.xxx.xxx.xxx

2. Reputation URLs => www.bot.com/xxx.exe

3. Reputation Domain => www.bot.com

For this case, if we want to show log of "Reputation IP" in the Logs and Monitoring, would it be possible?

For context:

What confidence level is the profile/blade set to enforce?

Also are the protections correctly reporting up to date in the necessary areas/domain per sk171644.

My setting as below

same issue:

https://youtu.be/djhQncknDH0

This thread is about Gateway protections

Whereas your video is Endpoint or must I keep watching to a particular timestamp?

If for Endpoint I suggest starting a new thread.

you rught mine for endpoint

Hi PhoneBoy,

We have a lots of "Reputation IPs"  for Anti-Bot Protection show as below, but never see "IP reputation" type on log.

Is it possible to generate "IPs reputation logs" without using indicator files/ external IOC feed?

Not as far as I know because of how the decision to block is made (IP Reputation being just one factor).

When you use an external indicator feed and block based purely on that, we can make the clear statement in the logs that it's an "IP Reputation" reason. 

Was this screenshot from demo mode or elsewhere the protections look out of date by 6-months at the time of posting (refer: sk171644)?