This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LazarusG
Contributor
Contributor
6 hours ago

Infinity log ingestion rate has suddenly and dramatically increased for AM 'event type update'

Hi

We have a customer who is receiving emails from Checkpoint that their log ingestion rate is exceeding 50Gb and that they need to buy more storage.

This started from December - the log ingestion graph shows a flat line of nothing and then it explodes.

The customer is unaware of any changes in the environment.

It references two SK;

SK181096 - How to optimize cloud logs

SK182394 - Cloud log analytic & logging - ingestion/Retention solution.

For the second SK I'm not sure that customers have access to the product catalog(?)

For the first SK we followed the steps to identify the logs with a view to tuning the policy.

However when we filter as described we find that the logs are 100% Low Severity, 98.5% Event type update, 70.63% anti malware blade.

As such there is no matching rule so we cant follow the advice in the SK, we cant see how to prevent this log type from being ingested - does anyone have any ideas?

They are on E88.32.2003.

Thanks!

 

0 Kudos
2 Replies
Peter_Lyndley
Advisor
Advisor
6 hours ago

yes, i will second that... starting about a week ago , we also started seeing this on some of our customers too. Sorry i dont have an answer for you.

0 Kudos
LazarusG
Contributor
Contributor
5 hours ago
In response to Peter_Lyndley

thanks for confirming! nice to know its not isolated - well its not 'nice' its happening elsewhere but its at least a sanity check 🙂

0 Kudos
Upcoming Events

    CheckMates Events