Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Deepak__
Explorer

Checkpoint custom reports

Hi, I have a Checkpoint setup running on  R80.30. I want to create a custom report with below for Incoming traffic for my internal applications.

 

1. The topmost app used 2. Amount of Bandwidth, 3. No. of Sessions, 4. Source IP. 5. Dest IP SIP 

AND

1.Top attacks, 2. Source IP, 3. Dest IP, 4. Attack Type.

0 Kudos
1 Reply
Amir_Senn
Employee
Employee

I created a statistical table widget similar to the one on "Application and URLF" report in the "High Bandwidth" view named "Top Applications / Sites By Traffic".

I removed the category and risk columns and added source and destination instead (So the fields are Application name, source, destination, traffic total bytes and logs).

SmartEvent doesn't index connection logs so the number of logs is the number of session logs.

If you want it to show only your internal apps, add it to the the filter of the widget. If those are internal apps aren't recognized by CP then I suggest adding them as custom applications. You can also group the internal apps to single object.

You can also use the custom filter if needed.

If the information needs to be more specific to SIP I recommend adding filter by services if possible.

 

For the second widget, I'm not sure I understood what's the difference between attack name and top attack (either way it will sort them by the value you choose, could be number of logs, number of severity, number of sources etc.).

Use a statistical table widget with fields Attack Name, source, destination and logs. Make sure attack name feature has the "Show each value on a separate row" and you can also do this for source field.

Kind regards, Amir Senn
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events