This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Borut
Contributor
‎2020-11-27 04:40 AM

Custom applications in reports

Hi

We have created a custom application/site object to use in the https inspection bypass rule. It contains trusted domains and services we want to exclude from inspection. Let's call it HTTPS_inspection_bypass.  This custom app is only used in HTTPS inspection policy.

Since there is a lot of traffic to this domains this custom application is almost always on the top of the TOP applications list in the reports and the granular visibility per application/site is lost. So, instead of gmail.com, microsoft.com, lync.com etc., we only get HTTPS_inspection_bypass as an application, swallowing all the included domains, making reports somewhat lacking in precision.

I'm quite sure this is by design, but is there a way around that?

top_apps.JPG

 

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2020-11-27 09:04 AM

Perhaps instead of creating a single object, you create multiple and put them in a group in the rule instead?

0 Kudos
Amir_Senn
Employee
Employee
‎2020-11-29 12:45 AM

I suggest going to the filters and filter this application out.

Select "Application Name" "Not Equals" "<custom_application_name>"

If you have issues with that you can also try to use "Custom Filter"

Kind regards, Amir Senn
0 Kudos
D_W
Advisor
‎2020-12-01 12:01 AM
In response to Amir_Senn

Hello

it seems I have the same question (https://community.checkpoint.com/t5/Logging-and-Reporting/Show-application-group-members-in-reports/...)..

So now I added these filters but now i do not see any hits from this custom application right?

Cheers,
David

0 Kudos
Borut
Contributor
‎2020-12-01 12:40 AM
In response to D_W

Hi

yes, i have the same concern. If you're talking about report filters, then nothing contained in the custom app will show in the report. 

@D_W probably described our intentions better in his post: We would prefer to see the group members instead of the groups in the reports.

0 Kudos
anstelios
Contributor
‎2022-05-04 05:22 AM

2022 still this is the default behavior..

Is there a way to enforce logs/reports to ignore custom application category tag (not the data, just the tag) and try to show the real application on the report/log ??

A lot, if not all, of customers are asking for this...

0 Kudos