- Local User Groups
I see. From a security perspective you would like NOT to add this feature.
It would be okay for me, then please use all existing icons that is used all over the Smart Event in the report.. then I would be happy 🙂
In regards to User or Computer activity it will be really helpful to get a "Forensics" type of report based on time line. The combination of Firewall and the Endpoint Agent can provide a lot of info.
The ideal is to get a "clean" type of report i.e User opened this word document, then visited this news site (omitting or hiding all the other links called from that news site) then watched this video and then opened this excel document...
I do not know technically how hard and what effort will take to get filtered out this info but will provide a helpful tool for many purposes.
CP has the tools (Firewall, Endpoint, SmartEvent), what is missing is for people to ask for it, please vote if you would like to have this kind of Intelligence reports.
I think you will have to wait for r80.20 because CP need to lift the version for the endpoint mgmt server and first then they can integrate endpoint mgmt logs into smartview.
I will agree that looking on a timeline including Secure gate ways logs with the logs from endpoint can provide a better view of what is going on in the network.
This is great, but I find the reporting for the App Control and URL Filtering blades really lacking. Can Check Point create some reporting templates for these blades that compare to what other Web Filtering products have out of the box? (Forcepoint, Bluecoat, etc) Things like Top 5 internet users by browse time, and detailed browsing logs for users? Something different than just the standard Access Control reports.
I have created some custom templates, but something official from Check Point would be great. This would help make the case for customers to replace their current web filtering solutions with Check Point.
For this requirement, we need to make custom report where we need to select URL filtering as blade add tables with Browse Time, Destination, source etc..
Yes it would be good if we have ready template
I don't mind sharing the templates I created with Check Point as an example, but I'd like to see Check Point create something official (like they did with the Cyber Attack View, GDPR, etc.). If you can provide me with your check point email address, I'll send them over.
I can see a lot of use for this with our customers, so thanks for sharing.
Can I ask I questions over some of the filter logic? On the main screen you have a set of 'Prevented Attacks' infographics which an overall filter of Drop, Reject, Block, Prevent, Redirect. The 'Directly Targeted Hosts' uses this as a a filter to select various blades, excluding some IPS protections. All good so far.
But when you click on it and look at the parent filter on the Directly Targeted Hosts view you see:
(blade:IPS AND action:detect AND...
Is this correct as the Infographic was designed for prevented attacks, not detected attacks. Also, the inherited filter looks for Drop, Reject, Block, Prevent, Redirect - so will this section view ever work
Hey Oren , The template seems to be pretty impressive.
I am facing issue with the font it does not fit into the windows and looks something like the attached screenshots.
If you see that Host Infections , Sandblast section that is how it is displayed.
Few more screenshots.
I was trying to view in smart console. I tried in the browser it is still the same. In browser after zooming out the view is better. But is there is no way it autoscales based on the application used?
Check your Windows scaling settings for fonts specifically.
I am not sure what else may be causing it in your case.
This is a screenshot of the same on my laptop with 1920x1080:
But I do see that the icons and the fonts inside the dashboard are not scalable and it could be an issue if you are running it on a lower resolution display.
Thank you Vladimir. One more query which I have is if I try to export this view in excel sheet , it does not pull up the data but will be blank
You are correct, the excel export seem to be broken. I am getting the:
and if I click "Yes" I am informed that the file is corrupted and could not be recovered.
Oren Koren, please have someone look into it.
Vladimir Yakovlev - regard exporting, will take it offline and will update
JunedRafeek kittur - can you please share with me more data so i will be able to understand a bit more. have you added something to the queries / change Threat Profile / disable blades in the GW object? (you can share it directly with me firstname.lastname@example.org) and if needed and your approval, we can have a zoom session and i will have a look in your environment and later on share the relevant insights with the community
Appreciate your response. I deleted the Old CPR which I had uploaded and uploaded again and that is working now. I did not change any profile or added any filters. I did enable some new blades I am not sure if that will affect.
I also want to export this in sheet if that is possible.
I am facing the issue again wherein attack view I cannot click on Hosts Infections or Attacks allowed policy. I can just click on Additional threat events and nothing else. We can also do zoom session if you would like to have a look at it.