Oren_Koren
Employee Alumnus

IPS utilization report - Smart View

Hey all,

I believe that most of us who enabled IPS in our environment asked one of the following questions:

  • "If I move to prevent, what will happen to my network?"
  • "Should I do it step-by-step? How?"
  • "Is there any tool that I can use to eliminate any potential impact on my network?"

For those questions we have created multiple documents with formal procedures.

Now, we have created a new Smart View report that allows you to understand your IPS utilization status and, based on different step-by-step procedures, utilize the blade for maximum protection and minimum business impact.

You can download the CPR file (for Smart-View) from the following link:

https://gofile.io/?c=DBShEe

If you want to influence, you are welcome to reply to this blog with any insight or change you believe we need to add/change. We will change the report based on your needs and will upload a new one until we have a report that will be released as part of the next GA + Jumbo.

Thanks,

Oren

[Attached images: Page1.JPG, Page2.JPG, Page3.JPG]

7 Replies
MikeB
Advisor

Really a very useful view within SmartEvent. Thanks for sharing!
Could you also share what the documents with formal procedures are that you mention were already created?
Oren_Koren
Employee Alumnus

Hey,

This post will assist 🙂

https://community.checkpoint.com/t5/Taiwan%E8%AB%96%E5%A3%87/New-IPS-Best-Practice-Guide-for-R80-10/...

Have you managed to import the template? Any inputs/changes needed?

Thanks,

Oren

Danny
Champion

For all the IPS protections mentioned in the report, the IPS detail descriptions, including CVE numbers, should be included as well. These are shown in the IPS protections list within SmartConsole but are not part of any report.

When sitting in C-level meetings to decide which IPS protections the firewall admins have to take care of and change from detect to prevent, most people don't know what a specific IPS protection does, how critical the relevant protection is, and so on. For two years now we have been screenshotting the IPS protection details manually and including them in the report as image references, which is a very time-consuming process.

Oren_Koren
Employee Alumnus

Hey,

Added the CVE to the report (see the attached image).

Can you please elaborate on the second thing a bit more?

[Attached image: Page3_2.JPG]

Thanks,

Oren

Danny
Champion

@Oren_Koren,

The second thing was about the IPS Threat Description as shown here:

[Attached image: image.png]

How can we add this to the SmartEvent report?

Oren_Koren
Employee Alumnus

Hey,

The data we have in the log is the name of the signature only.

We can't query from Smart-View on the IPS signatures DB that is presented in the list of IPS protections.

Are the name and information on the signature not enough? I just think about the quantity of text that we will present in the report and it will be A LOT.

What do you think?

Thanks,

Oren

frankcar
Contributor

Hi, hope you don't mind,

Your report is great for helping me out.

I changed the report to show prevented attacks and top sources.

Attached it below if it helps anyone out.
