Ivory

The meaning of null in action field for SmartDefense

Hi. Now I need to design security rules in a SIEM for Check Point SmartDefense (IPS).

In order to do so, I need to know why some SmartDefense logs do not have a type of action, such as accept, in them.

Based on the action, I'd like to catch events to create an alert in the SIEM.
6 Replies

Re: The meaning of null in action field for SmartDefense

I think these are related to alerts that notify concerning some kind of event but do not directly block traffic. Can you please provide a properly redacted screenshot of an example?

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Ivory

Re: The meaning of null in action field for SmartDefense

Hi, thank you for the reply.

The log I now see in the SIEM is really close to "3. CheckPoint" in a post.

Admin

Re: The meaning of null in action field for SmartDefense

What Tim is asking for is a screenshot of the redacted log entry from SmartView/SmartConsole.
Ivory

Re: The meaning of null in action field for SmartDefense

Hi, thank you for the reply.

Unfortunately, I cannot provide it, because it includes my customer's information.

This is why I just showed a sample in a post.

Re: The meaning of null in action field for SmartDefense

"Close" is not good enough and will just lead to fruitless speculation. Please blur out or redact any sensitive data and post a screenshot of what you are seeing.

Admin

Re: The meaning of null in action field for SmartDefense

This is why we suggested redacting the sensitive information in the screenshot before posting it.
If you don't wish to post it, I recommend opening a case with the TAC.