Re: Custom applications in reports

Borut · ‎2020-11-27

Hi

We have created a custom application/site object to use in the https inspection bypass rule. It contains trusted domains and services we want to exclude from inspection. Let's call it HTTPS_inspection_bypass. This custom app is only used in HTTPS inspection policy.

Since there is a lot of traffic to this domains this custom application is almost always on the top of the TOP applications list in the reports and the granular visibility per application/site is lost. So, instead of gmail.com, microsoft.com, lync.com etc., we only get HTTPS_inspection_bypass as an application, swallowing all the included domains, making reports somewhat lacking in precision.

I'm quite sure this is by design, but is there a way around that?

PhoneBoy · ‎2020-11-27

Perhaps instead of creating a single object, you create multiple and put them in a group in the rule instead?

Amir_Senn · ‎2020-11-29

I suggest going to the filters and filter this application out.

Select "Application Name" "Not Equals" "<custom_application_name>"

If you have issues with that you can also try to use "Custom Filter"

Kind regards, Amir Senn

D_W · ‎2020-12-01

Hello

it seems I have the same question (https://community.checkpoint.com/t5/Logging-and-Reporting/Show-application-group-members-in-reports/...)..

So now I added these filters but now i do not see any hits from this custom application right?

Cheers,
David

Borut · ‎2020-12-01

Hi

yes, i have the same concern. If you're talking about report filters, then nothing contained in the custom app will show in the report.

@D_W probably described our intentions better in his post: We would prefer to see the group members instead of the groups in the reports.

Custom applications in reports

R80.10: How to show list Pushlish Task by "show ob...

Application Control Update Question

Daily log size in R77.20 SmartDashboard on Windows

Adding Threat Prevention IOC's via SmartConsole

Automate Log copy to external SFTP