Ed_Eades
Contributor

antibot usercheck redirect

I have been doing some testing with the usercheck feature with antibot. I have antibot enabled and set up with just a few test IPs for the scope and that is working well. We would like to present the users with a block page if a device attempts to go to a known bot controlled site. I tested some with using the usercheck on the firewall and also using the redirect feature. We would prefer to use the redirect feature if possible. My web programming team is assisting with getting the site set up for the redirect and we would like to include the URL and Activity on the page that is presented. These options are available when using the usercheck on the firewall. The web programming team has asked if we could find out what the HTTP parameters are for the URL and Activity. When testing with the usercheck on the firewall these do not appear to be included in the URL. Is it possible to pass these parameters when redirecting?

Thanks in advance.

0 Kudos
3 Replies
PhoneBoy
Admin

As far as I know, the only information you can pass is the Incident ID, and only if that option is specified in the UserCheck interaction. 

The Incident ID can be looked up in the logs as described here (but not with an API call at the moment): Searching for Incident ID when using UserCheck 

You may want to customize the UserCheck portal a bit more instead of writing your own; refer to How to customize and localize the UserCheck portal.

0 Kudos
Ed_Eades
Contributor

Thanks for the response and I had looked at the customize SK. We may not end up having to customize a usercheck page. We currently have a Cisco Web Security Appliance (WSA) in place for URL filtering and it provides anti-malware protection as well. Would there be any differences with the Check Point Antibot and Antivirus blades compared to the Cisco WSA Anti-Malware protection? Would the Check Point blades offer any extra protection in addition to what the Cisco Web Security Appliance is offering? If the Check Point antibot and antivirus blades offer extra protections it may be worth having both active. I have done some testing and when I have Antibot set to not display usercheck our Cisco Web Security Appliance user page will display and it is logged in the Check Point as well. I am trying to determine if it is worthwhile to have the Check Point antibot and antivirus blades active as well. The Cisco WSA will only protect against 80 and 443 traffic.

0 Kudos
PhoneBoy
Admin

One benefit to using the Check Point solution in general is that we are not limited to port 80/443.

Anti-Bot will pick up outgoing command and control traffic and will work on any port.

We can also do other inspections with IPS, Threat Emulation (for zero-day malware) and the like.

0 Kudos
