Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Borut
Contributor

Custom applications in reports

Hi

We have created a custom application/site object to use in the https inspection bypass rule. It contains trusted domains and services we want to exclude from inspection. Let's call it HTTPS_inspection_bypass.  This custom app is only used in HTTPS inspection policy.

Since there is a lot of traffic to this domains this custom application is almost always on the top of the TOP applications list in the reports and the granular visibility per application/site is lost. So, instead of gmail.com, microsoft.com, lync.com etc., we only get HTTPS_inspection_bypass as an application, swallowing all the included domains, making reports somewhat lacking in precision.

I'm quite sure this is by design, but is there a way around that?

top_apps.JPG

 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Perhaps instead of creating a single object, you create multiple and put them in a group in the rule instead?

0 Kudos
Amir_Senn
Employee
Employee

I suggest going to the filters and filter this application out.

Select "Application Name" "Not Equals" "<custom_application_name>"

If you have issues with that you can also try to use "Custom Filter"

Kind regards, Amir Senn
0 Kudos
D_W
Collaborator

Hello

it seems I have the same question (https://community.checkpoint.com/t5/Logging-and-Reporting/Show-application-group-members-in-reports/...)..

So now I added these filters but now i do not see any hits from this custom application right?

Cheers,
David

0 Kudos
Borut
Contributor

Hi

yes, i have the same concern. If you're talking about report filters, then nothing contained in the custom app will show in the report. 

@D_W probably described our intentions better in his post: We would prefer to see the group members instead of the groups in the reports.

0 Kudos