This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Parabol
Contributor
‎2024-01-17 03:24 AM

SmartReporter - AntiVirus/Bot logs aren't populating into the reports

Hi all,

We have some custom SmartReporter reports setup, we've used them for years now. We have one which shows the past 24-hours Anti-Virus and Anti-Bot events, it's essentially built with the following columns:

Report Category: Threat Prevention

- Protection Name

- Source

- Destination

- Blade

etc... And the filter is to equal Anti-Virus OR Anti-Bot blade. A very simple report.

 

Typically this has always worked, we get emailed the report every day, and it's a nice summary of events. We can glance at it and easily see what types of attacks occurred, what IP's were involved, severity, resource/FQDNs etc.. 

Recently its stopped populating, the logs are still there, but the reporter isn't pulling them. Strangely when going on "last 24-hours" on the report, there is nothing. But change to "Past 7 days" and it populates some details, but events are still missing.

It's really inconsistent, even building a report/widget from scratch with very simple filters (E.g. show me anti-virus & anti-bot blades events) it's not populating correctly.

Our  SmartReporter is a separate VM to our management server.

We patched the SmartReporter to the latest R81.10 JHF will no joy.

Checking the antivirus/bot logs IN SmartReporter shows the logs/events are there, so the reporter has them. But for whatever reason its not putting them into the Reports via the widget, even when expanding the filters to be very open.

Is there any tshoot steps we might be able to perform to try and remedy this?

Thanks!

 

0 Kudos
3 Replies
Chris_Atkinson
Employee Employee
Employee
‎2024-01-17 03:57 AM

Does SmartView reports show "no data found" errors for different widgets?

Suggest reviewing Doctor Log output with TAC...

CCSM R77/R80/ELITE
0 Kudos
Parabol
Contributor
‎2024-01-17 05:14 AM
In response to Chris_Atkinson

Yes the widget shows "No data found" when selected to "Past 24-hours". If I change it from this to "Yesterday" it then loads some things (but misses a lot). If I change it to "Last 7 days" it again shows some things, but misses the entry from yesterday for example. It's very inconsistent with what it shows.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-01-17 05:36 AM
In response to Parabol

Might be a FetchedFiles issue (sk181209) which TAC can verify based on the output from Doctor Log.

 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top