Custom applications in reports

Borut · ‎2020-11-27

Hi

We have created a custom application/site object to use in the https inspection bypass rule. It contains trusted domains and services we want to exclude from inspection. Let's call it HTTPS_inspection_bypass. This custom app is only used in HTTPS inspection policy.

Since there is a lot of traffic to this domains this custom application is almost always on the top of the TOP applications list in the reports and the granular visibility per application/site is lost. So, instead of gmail.com, microsoft.com, lync.com etc., we only get HTTPS_inspection_bypass as an application, swallowing all the included domains, making reports somewhat lacking in precision.

I'm quite sure this is by design, but is there a way around that?

PhoneBoy · ‎2020-11-27

Perhaps instead of creating a single object, you create multiple and put them in a group in the rule instead?

Amir_Senn · ‎2020-11-29

I suggest going to the filters and filter this application out.

Select "Application Name" "Not Equals" "<custom_application_name>"

If you have issues with that you can also try to use "Custom Filter"

Kind regards, Amir Senn

D_W · ‎2020-12-01

Hello

it seems I have the same question (https://community.checkpoint.com/t5/Logging-and-Reporting/Show-application-group-members-in-reports/...)..

So now I added these filters but now i do not see any hits from this custom application right?

Cheers,
David

Borut · ‎2020-12-01

Hi

yes, i have the same concern. If you're talking about report filters, then nothing contained in the custom app will show in the report.

@D_W probably described our intentions better in his post: We would prefer to see the group members instead of the groups in the reports.

anstelios · ‎2022-05-04

2022 still this is the default behavior..

Is there a way to enforce logs/reports to ignore custom application category tag (not the data, just the tag) and try to show the real application on the report/log ??

A lot, if not all, of customers are asking for this...

Jimmy_Noel · ‎2023-03-12

Hello!

Are there any updates on this issue?

We recently switched our url-filter from another vendor to checkpoint.
We need reports to see every website (not grouped by custom application objects).
(We have several custom applications with about 100 urls.)
We can not present this kind of report to our internal affairs department.

Maybe are there any workarounds?

Amir_Senn · ‎2023-03-12

If you want to see all the application you will need to use a table widget.

The tables are also limited to a specific number that could be shown on screen but if you edit the view/report settings and check the "Split table over multiple pages" and select your table and "No page limit". Now when you perform export on this view it will show all the matches will split it across as many pages as needed.

Kind regards, Amir Senn

anstelios · ‎2023-03-12

Very common issue after migrating from another vendor.

The only solution still remains what PhoneBoy said on the first answer,
Ditch the custom applications containing 100 URLs, and create one custom application for each URL with a name that is related to the URL so you can understand it in the reports... !!!
Then group these custom applications so you can use the groups in the rules.

Harsh,,,, I know..!!!

Jimmy_Noel · ‎2023-03-17

Thank you for your replies.
Well i unterestimated the amount of url entries.
In total we have above 3000 url entries... (yes)
So we are still thinking about alternatives.

Are you a member of CheckMates?

Custom applications in reports