This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
quanglnh
Participant
‎2020-04-06 06:09 PM
Jump to solution

Finding bandwidth use by host in network to determine hosts infected with coinminer.

Hi everyone,

I suddently see my bandwidth usage peak very high, after some analyze i think my users infected with coinminer. These users dont have endpoint security but they all access Internet through check point firewall. During working time, the banwitdh usage peak very high and when the users leave office it back to normal, that why i think user's devices is infected woth coinminer. And want to find which host using most bandwidth in network. I see in Log > View a bandwitdth report but when i click of that, it just empty and no data found. I also try with other reports but just the same :'no data found' or very least infor while there is a ton of logs.
Why there is many log but so very least in report ? Or can anyone please tell me is there any other way to find a list of top host using lot bandwitdh in network with Check oint firewall ?

Thanks

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
‎2020-04-07 12:45 AM
In response to quanglnh
Jump to solution

  • authentication attempts to identify possible intrusion attempts.

A Traffic view can be created to monitor the Traffic types listed in the following table.

Traffic Type

Explanation

Services

Shows the current status view about Services used through the selected gateway.

IPs/Network Objects

Shows the current status view about active IPs/Network Objects through the selected gateway.

Security Rules

Shows the current status view about the most frequently used Firewall rules.

The Name column in the legend states the rule number as previously configured in SmartConsole.

Interfaces

Shows the current status view about the Interfaces associated with the selected gateway.

Connections

Shows the current status view about current connections initiated through the selected gateway.

Tunnels

Shows the current status view about the Tunnels associated with the selected gateway and their usage.

Virtual Link

Shows the current traffic status view between two gateways (for example, Bandwidth, Bandwidth Loss, and Round Trip Time).

Packet Size Distribution

Shows the current status view about packets according to the size of the packets.

QoS

Shows the current traffic level for each QoS rule.

 

https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_LoggingAndMonitoring_Admi...

View solution in original post

0 Kudos
4 Replies
_Val_
Admin
Admin
‎2020-04-06 11:53 PM
Jump to solution

Which version are you running?

0 Kudos
quanglnh
Participant
‎2020-04-07 12:17 AM
In response to _Val_
Jump to solution

Hi Val,

I'm running R80.20

0 Kudos
_Val_
Admin
Admin
‎2020-04-07 12:41 AM
In response to quanglnh
Jump to solution

Look into Logging and Monitoring Admin Guide, under Traffic Monitoring. 

0 Kudos
_Val_
Admin
Admin
‎2020-04-07 12:45 AM
In response to quanglnh
Jump to solution

  • authentication attempts to identify possible intrusion attempts.

A Traffic view can be created to monitor the Traffic types listed in the following table.

Traffic Type

Explanation

Services

Shows the current status view about Services used through the selected gateway.

IPs/Network Objects

Shows the current status view about active IPs/Network Objects through the selected gateway.

Security Rules

Shows the current status view about the most frequently used Firewall rules.

The Name column in the legend states the rule number as previously configured in SmartConsole.

Interfaces

Shows the current status view about the Interfaces associated with the selected gateway.

Connections

Shows the current status view about current connections initiated through the selected gateway.

Tunnels

Shows the current status view about the Tunnels associated with the selected gateway and their usage.

Virtual Link

Shows the current traffic status view between two gateways (for example, Bandwidth, Bandwidth Loss, and Round Trip Time).

Packet Size Distribution

Shows the current status view about packets according to the size of the packets.

QoS

Shows the current traffic level for each QoS rule.

 

https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_LoggingAndMonitoring_Admi...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top