This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bob111
Contributor
yesterday
Jump to solution

Alert about increase in a specific type of log ("First packet isn't SYN" for me)

Hello guys,
I have a firewall gateway cluster  with a manager, version 81.10. I am looking for ways to get an alert about an increase of the log "First packet isn't SYN", whether it is with skyline or some other alert mechanism, through the api or even a cli command that would let me do a query on the logs.
If anyone has suggestions I would love to hear. Thanks:) 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
yesterday
Jump to solution

If it shows up in a search (e.g. with SmartView), you can query via API here: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v2%20 
Whether these kinds of messages are "indexed" or not is a separate question.

View solution in original post

3 Replies
AkosBakos
Leader Leader
Leader
yesterday
Jump to solution

Hi @bob111 

  • I suggest you to upgrade it to R81.20 because the support of R81.10 will expired soon. 🙂
  • Are you sending the logs to any kind SIEM?
  • Have you checked the features of the SmartEvent?
    • I am not 100% sure, maybe you can set such kind of threshold there

Akos

  •  
----------------
\m/_(>_<)_\m/
PhoneBoy
Admin
Admin
yesterday
Jump to solution

If it shows up in a search (e.g. with SmartView), you can query via API here: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-logs~v2%20 
Whether these kinds of messages are "indexed" or not is a separate question.

bob111
Contributor
12 hours ago
In response to PhoneBoy
Jump to solution

Thank you very much, exactly what I was looking for!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events