Search Logs using Domain Name in Src
Hi mates,
I was wondering if there is any way or workaround to do a search in logs (gathering all my logs on SMS) using an *.domain_name* as source.
I've seen another thread with a similar question and the answer is: "I can't".
But since this was a 2020 topic and we are now almost 4 years after, I was wondering if anything changed.
A guess would be that Source in logs is stored with IP only and on SmartConsole when I query them there is a live reverse lookup happening, and that's why I see the names listed in Source, but this information is not stored so I can't use this parameter to search?
Or maybe not... 🙂
Can anyone help me or take me out of my misery by confirming that there is nothing I can do?
Regards,
Aris
You can only search for src: if the search term resolves to an IP.
Hi,
Thanks for the reply.
OK, this makes sense.
Although a SmartConsole feature to be able to filter src: *domainname* on a list of logs that has already been resolved would be great.
I mean, for example,
I've filtered my logs for a specific timeframe and dst machine in my DMZ network and I am able to see a list of logs with source IPs and resolved names. Which is great. All I need now is to filter on top of this result using part of the domain name as source.
I mean, I realized and tested, and it works, that if I export the search result to a CSV, the domain names are also exported. So I can then do what I need from Excel and find, for example, if any source *domainname* accessed my DST server.
Regards,
Aris
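
The CSV workaround described in the post above, as an added example that is not part of the original thread: a Python filter over an exported log list that keeps rows whose resolved source name falls under a given domain, matching on DNS label boundaries rather than a raw substring. The column name `Source`, the `name (ip)` cell layout and the sample rows are assumptions constructed for illustration; adjust them to the real export.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample of an exported log list. The column names and the
# "name (ip)" cell layout are assumptions; adjust them to the real export.
SAMPLE_CSV = """Time,Source,Destination,Service,Action
2024-03-01 10:00:01,host1.partner.example (203.0.113.10),dmz-web01 (10.1.1.20),https,Accept
2024-03-01 10:00:05,198.51.100.7,dmz-web01 (10.1.1.20),https,Accept
2024-03-01 10:01:12,mail.notpartner.example (203.0.113.99),dmz-web01 (10.1.1.20),smtp,Drop
2024-03-01 10:02:40,VPN.Partner.Example. (203.0.113.11),dmz-web01 (10.1.1.20),ssh,Accept
"""

def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def source_names(cell):
    """Return lower-cased host names found in a Source cell, skipping bare IPs."""
    tokens = cell.replace("(", " ").replace(")", " ").split()
    return [t.rstrip(".").lower() for t in tokens if not is_ip(t)]

def in_domain(name, domain):
    """Match on DNS label boundaries so 'notpartner.example' != 'partner.example'."""
    domain = domain.strip(".").lower()
    return name == domain or name.endswith("." + domain)

def filter_by_source_domain(csv_text, domain, column="Source"):
    """Return the rows whose resolved source name falls under `domain`."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if column not in (reader.fieldnames or []):
        raise KeyError(f"column {column!r} not in export: {reader.fieldnames}")
    return [row for row in reader
            if any(in_domain(n, domain) for n in source_names(row[column]))]

def unresolved_sources(csv_text, column="Source"):
    """Count rows that carry only an IP: a name filter can never see these."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return Counter(row[column] for row in reader if not source_names(row[column]))

if __name__ == "__main__":
    for row in filter_by_source_domain(SAMPLE_CSV, "partner.example"):
        print(row["Time"], row["Source"], "->", row["Destination"], row["Action"])
    print("unresolved:", dict(unresolved_sources(SAMPLE_CSV)))
```

Rows reported by `unresolved_sources` had no name in the export, so they need a separate check by IP before concluding that a domain never reached the destination.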
