cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Kim_Moberg
Silver

Re: Threat Prevention Cyber-attacks dashboard

Hi Oren

I see. From a security perspective you would like NOT to add this feature.

It would be okay for me, then please use all existing icons that is used all over the Smart Event in the report.. then I would be happy 🙂

Thanks

Kim

Best Regards
Kim
0 Kudos
Employee+
Employee+

Re: Threat Prevention Cyber-attacks dashboard

will do Smiley Happy

Re: Threat Prevention Cyber-attacks dashboard

Excellent Dashboard, thanks Oren!

0 Kudos

Re: Threat Prevention Cyber-attacks dashboard

Well. Now I have made User Specific report. We can do so many stuff but need to research.

Re: Threat Prevention Cyber-attacks dashboard

In regards to User or Computer activity it will be really helpful to get a "Forensics" type of report based on time line. The combination of Firewall and the Endpoint Agent can provide a lot of info. 

The ideal is to get a "clean" type of report i.e User opened this word document, then visited this news site (omitting or hiding all the other links called from that news site) then watched this video and then opened this excel document...

I do not know technically how hard and what effort will take to get filtered out this info but will provide a helpful tool for many purposes. 

CP has the tools (Firewall, Endpoint, SmartEvent), what is missing is for people to ask for it, please vote if you would like to have this kind of Intelligence reports.

Kim_Moberg
Silver

Re: Threat Prevention Cyber-attacks dashboard

I think you will have to wait for r80.20 because CP need to lift the version for the endpoint mgmt server and first then they can integrate endpoint mgmt logs into smartview.

I will agree that looking on a timeline including Secure gate ways logs with the logs from endpoint can provide a better view of what is going on in the network.

Best Regards
Kim

Re: Threat Prevention Cyber-attacks dashboard

This is great, but I find the reporting for the App Control and URL Filtering blades really lacking. Can Check Point create some reporting templates for these blades that compare to what other Web Filtering products have out of the box? (Forcepoint, Bluecoat, etc) Things like Top 5 internet users by browse time, and detailed browsing logs for users?  Something different than just the standard Access Control reports. 

I have created some custom templates, but something official from Check Point would be great. This would help make the case for customers to replace their current web filtering solutions with Check Point.

Re: Threat Prevention Cyber-attacks dashboard

Hi,

For this requirement, we need to make custom report where we need to select URL filtering as blade add tables with Browse Time, Destination, source etc..

Yes it would be good if we have ready template Smiley Happy 

Employee+
Employee+

Re: Threat Prevention Cyber-attacks dashboard

Can you please send me there templates so I can review and possibly add them to next release?

0 Kudos

Re: Threat Prevention Cyber-attacks dashboard

I don't mind sharing the templates I created with Check Point as an example, but I'd like to see Check Point create something official (like they did with the Cyber Attack View, GDPR, etc.).  If you can provide me with your check point email address, I'll send them over.

Aaron

0 Kudos
Employee+
Employee+

Re: Threat Prevention Cyber-attacks dashboard

dadosh@checkpoint.com

Written on my profile as well.

Thanks

0 Kudos
Highlighted
Dave_Hoggan
Nickel

Re: Threat Prevention Cyber-attacks dashboard

Hi,

I can see a lot of use for this with our customers, so thanks for sharing.

Can I ask I questions over some of the filter logic? On the main screen you have a set of 'Prevented Attacks' infographics which an overall filter of Drop, Reject, Block, Prevent, Redirect. The 'Directly Targeted Hosts' uses this as a a filter to select various blades, excluding some IPS protections. All good so far.

But when you click on it and look at the parent filter on the Directly Targeted Hosts view you see: 

(blade:IPS AND action:detect AND...

Is this correct as the Infographic was designed for prevented attacks, not detected attacks. Also, the inherited filter looks for Drop, Reject, Block, Prevent, Redirect - so will this section view ever work

Cyber View Filter

Thanks,


Dave

0 Kudos

Re: Threat Prevention Cyber-attacks dashboard

Hi,

Someone has asked about specific user activity based on time and browsing. Please find below setting which I have done.

0 Kudos
Employee+
Employee+

Re: Threat Prevention Cyber-attacks dashboard

Hey,

we took it offline in our conversation Smiley Happy

will update in the thread after our session.

Thanks,

Oren

0 Kudos

Re: Threat Prevention Cyber-attacks dashboard

Oren Koren

Hey Oren , The template seems to be pretty impressive. 

I am facing issue with the font it does not fit into the windows and looks something like the attached screenshots.

If you see that Host Infections , Sandblast section that is how it is displayed.

Few more screenshots.

0 Kudos
Vladimir
Pearl

Re: Threat Prevention Cyber-attacks dashboard

What are your scaling settings, if viewing this in SmartConsole?

If it is in a browser, try scaling down (zooming out).

0 Kudos

Re: Threat Prevention Cyber-attacks dashboard

I was trying to view in smart console. I tried in the browser it is still the same. In browser after zooming out the view is better. But is there is no way it autoscales based on the application used?

0 Kudos
Vladimir
Pearl

Re: Threat Prevention Cyber-attacks dashboard

Check your Windows scaling settings for fonts specifically.

I am not sure what else may be causing it in your case.

This is a screenshot of the same on my laptop with 1920x1080:

But I do see that the icons and the fonts inside the dashboard are not scalable and it could be an issue if you are running it on a lower resolution display.

0 Kudos

Re: Threat Prevention Cyber-attacks dashboard

Thank you Vladimir. One more query which I have is if I try to export this view in excel sheet , it does not pull up the data but will be blank 

0 Kudos
Vladimir
Pearl

Re: Threat Prevention Cyber-attacks dashboard

You are correct, the excel export seem to be broken. I am getting the:

and if I click "Yes" I am informed that the file is corrupted and could not be recovered.

Oren Koren‌, please have someone look into it.

Thank you,

Vladimir

Re: Threat Prevention Cyber-attacks dashboard

Hey Gaurav,

Will you be able to share the template which you created?

0 Kudos

Re: Threat Prevention Cyber-attacks dashboard

Oren Koren

Any update on the CSV export of this attack template.

Re: Threat Prevention Cyber-attacks dashboard

Hi Juned,

Please let me know which template you are talking about. Specific user based?

Re: Threat Prevention Cyber-attacks dashboard

@Oren Koren Cyber attach view has stopped working now. If I click on the host infections it does not drill down anymore.

Employee+
Employee+

Re: Threat Prevention Cyber-attacks dashboard

Vladimir Yakovlev‌ - regard exporting, will take it offline and will update

JunedRafeek kittur‌ - can you please share with me more data so i will be able to understand a bit more. have  you added something to the queries / change Threat Profile / disable blades in the GW object? (you can share it directly with me orenkor@checkpoint.com) and if needed and your approval, we can have a zoom session and i will have a look in your environment and later on share the relevant insights with the community

 

Thanks,

Oren

0 Kudos

Re: Threat Prevention Cyber-attacks dashboard

Appreciate your response. I deleted the Old CPR which I had uploaded and uploaded again and that is working now. I did not change any profile or added any filters. I did enable some new blades I am not sure if that will affect.

I also want to export this in sheet if that is possible.

Re: Threat Prevention Cyber-attacks dashboard

Hello Oren,

I am facing the issue again wherein attack view I cannot click on Hosts Infections or Attacks allowed policy. I can just click on Additional threat events and nothing else. We can also do zoom session if you would like to have a look at it.

0 Kudos