jbfixurpc
Participant

Checkpoint Content Awareness reports

Greetings all

 

I have a question about the Content Awareness Report running on R80.30

The canned report shows activity which is of interest for us over a broad spectrum, mainly tied to time (i.e. last 7 days, etc.). However, when we specify a specific source (either User or IP address) the content of this report shows no information as it did with the broader view. As an example, with no search criteria I can see the top 5 file types, services and top files by size, but yet when I specify a single IP address this information is not there when in fact that IP address should show up with this data.

I've opened a TAC case on this, and it's sounding like this is going to become an RFE.

Is no one actually using this means as a way of auditing? And/or if you are, how have you worked around this?

Ultimately we need to provide auditing based on user activity regarding file download/uploading but this feature appears to be broken via the Content Awareness report. 

 

 

CA_Report.JPG

 

Thanks in advance!

0 Kudos
1 Reply
Amir_Senn
Employee

A few suggestions that might solve some of your issues:

1. Try downloading the latest JHF; since the R80.30 release we have fixed some issues that might be relevant.

2. Try to move the query to report filters under "Custom Filter" and see if that brings results.

3. In the logs view, search for the same IP and validate that you do have traffic that's relevant for Content Awareness.

4. For downloading/uploading make sure you have "Accounting" on relevant rules.

5. Feel free to play with the reports yourself, you can create more custom views/reports. 

Kind regards, Amir Senn
0 Kudos
