This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Borut
Collaborator
Collaborator
‎2020-11-27 04:40 AM
Jump to solution

Custom applications in reports

Hi

We have created a custom application/site object to use in the https inspection bypass rule. It contains trusted domains and services we want to exclude from inspection. Let's call it HTTPS_inspection_bypass.  This custom app is only used in HTTPS inspection policy.

Since there is a lot of traffic to this domains this custom application is almost always on the top of the TOP applications list in the reports and the granular visibility per application/site is lost. So, instead of gmail.com, microsoft.com, lync.com etc., we only get HTTPS_inspection_bypass as an application, swallowing all the included domains, making reports somewhat lacking in precision.

I'm quite sure this is by design, but is there a way around that?

top_apps.JPG

 

0 Kudos
1 Solution

Accepted Solutions
anstelios
Collaborator
‎2023-03-12 10:19 AM
In response to Jimmy_Noel
Jump to solution

Very common issue after migrating from another vendor.

The only solution still remains what PhoneBoy said on the first answer,
Ditch the custom applications containing 100 URLs, and create one custom application for each URL with a name that is related to the URL so you can understand it in the reports... !!!
Then group these custom applications so you can use the groups in the rules.

Harsh,,,, I know..!!!

 

View solution in original post

0 Kudos
(1)
10 Replies
PhoneBoy
Admin
Admin
‎2020-11-27 09:04 AM
Jump to solution

Perhaps instead of creating a single object, you create multiple and put them in a group in the rule instead?

0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2020-11-29 12:45 AM
Jump to solution

I suggest going to the filters and filter this application out.

Select "Application Name" "Not Equals" "<custom_application_name>"

If you have issues with that you can also try to use "Custom Filter"

Kind regards, Amir Senn
0 Kudos
D_W
Advisor
‎2020-12-01 12:01 AM
In response to Amir_Senn
Jump to solution

Hello

it seems I have the same question (https://community.checkpoint.com/t5/Logging-and-Reporting/Show-application-group-members-in-reports/...)..

So now I added these filters but now i do not see any hits from this custom application right?

Cheers,
David

0 Kudos
Borut
Collaborator
Collaborator
‎2020-12-01 12:40 AM
In response to D_W
Jump to solution

Hi

yes, i have the same concern. If you're talking about report filters, then nothing contained in the custom app will show in the report. 

@D_W probably described our intentions better in his post: We would prefer to see the group members instead of the groups in the reports.

0 Kudos
anstelios
Collaborator
‎2022-05-04 05:22 AM
Jump to solution

2022 still this is the default behavior..

Is there a way to enforce logs/reports to ignore custom application category tag (not the data, just the tag) and try to show the real application on the report/log ??

A lot, if not all, of customers are asking for this...

0 Kudos
Jimmy_Noel
Participant
‎2023-03-12 05:57 AM
Jump to solution

Hello!

Are there any updates on this issue?

We recently switched our url-filter from another vendor to checkpoint.
We need reports to see every website (not grouped by custom application objects).
(We have several custom applications with about 100 urls.)
We can not present this kind of report to our internal affairs department.

Maybe are there any workarounds?

0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2023-03-12 09:21 AM
In response to Jimmy_Noel
Jump to solution

If you want to see all the application you will need to use a table widget.

The tables are also limited to a specific number that could be shown on screen but if you edit the view/report settings and check the "Split table over multiple pages" and select your table and "No page limit". Now when you perform export on this view it will show all the matches will split it across as many pages as needed.

Kind regards, Amir Senn
Preview file
77 KB
0 Kudos
anstelios
Collaborator
‎2023-03-12 10:19 AM
In response to Jimmy_Noel
Jump to solution

Very common issue after migrating from another vendor.

The only solution still remains what PhoneBoy said on the first answer,
Ditch the custom applications containing 100 URLs, and create one custom application for each URL with a name that is related to the URL so you can understand it in the reports... !!!
Then group these custom applications so you can use the groups in the rules.

Harsh,,,, I know..!!!

 

0 Kudos
(1)
Jimmy_Noel
Participant
‎2023-03-17 09:53 AM
In response to anstelios
Jump to solution

Thank you for your replies.
Well i unterestimated the amount of url entries.
In total we have above 3000 url entries... (yes) 
So we are still thinking about alternatives.

0 Kudos
Jimmy_Noel
Participant
‎2025-08-18 11:07 PM
In response to Jimmy_Noel
Jump to solution

Sadly, still no solution.
We also have to have some custom applications with url: *.tld
So it is impossible to get a granular report/view for each website (website.tld).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events