Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Juan_Concepcion
Advisor

R80.10 SmartEvent

I am starting this discussion in an effort to get feedback on what other's experiences are with SmartEvent.  It seemed like it was solid up until R80.10.  Since this build I've had multiple issues with the product:

  1. R80.10 SME --> R80.10 (Upgraded Manager) - can't get the database to sync
  2. R80.10 SME --> R77.30 - couldn't get them to communicate and after some digging found that they were having issues communicating via sic.  Had to go into $FWDIR/conf/fwopsec.conf and uncomment line 54 on both devices and restart services for it to work.
  3. R80.10 SME --> R80.10 (Fresh build) -- Everything seems to work fine but when I try to log into SmartEvent settings it just pops up the login prompt.
  4. R80.10 SME doesn't send e-mails for scheduled reports (runs them fine)
  5. R80.10 SME when configuring a scheduled report e-mail address disappears when you change the time schedule and save.

Would be very interested in finding out what other folks experiences were.

6 Replies
Danny
Champion Champion
Champion

SmartEvent R80.10 is the best Event Analyzer, Viewing and Reporting Tool I have ever seen.

It's easy to set up, features all kind of customization options, allows for quick and easy Security Check Up's, even provides languages support, handles third-party log formats, also connects to an R77.30 Security Management Server, can be completely managed Web-based (SmartView) within your browser > I recommend this to all our customers.

https://smartevent.server/smartview

Report Generation was an issue sometimes, but Check Point fixed it, so install the latest HFA.

When setting it up, don't forget to configure it via the classic SmartEvent GUI initially (C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10\PROGRAM\AnalyzerClient.exe) in order to define Correlation Units, Install Event Policy, define Automatic Reactions such as E-Mail Alerts etc. The SmartEvent reports and views can then easily be generated via the consolidated R80.10 GUI.

0 Kudos
Juan_Concepcion
Advisor

While I appreciate the copy/paste I'd like some real world feedback.

Thanks,

Juan

Danny
Champion Champion
Champion

This is real world feedback. You described a lot of issue's I'm not experiencing when working with SmartEvent at all. I've taken the screen shots and information above from actively running SmartEvent servers and didn't copy them off a website or something.

0 Kudos
Juan_Concepcion
Advisor

Again appreciate the feedback.

Sent from my iPhone

0 Kudos
Daniel_Kavan
Advisor

I love smartevent.    And the auditors want to see more.  Is there a way to export the policy?  For every audit I have to take screen shots of every defense policy ie Scans section, DoS, Anomalies, etc .   I see an option File - Export Events to csv file, but its grayed out.  Plus, I suspect that is for events not the policy itself.    Seeing the policy in a pdf or csv might make it easier for the security team & auditors to review.  And save me from using the snipping tool.

the_rock
Legend
Legend

I believe you are correct, I could not find option to export the policy either, just the events. I agree it would be nice to have that ability. Happy holidays : - )

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events