This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Borut
Collaborator
Collaborator
‎2020-11-27 04:40 AM

Custom applications in reports

Hi

We have created a custom application/site object to use in the https inspection bypass rule. It contains trusted domains and services we want to exclude from inspection. Let's call it HTTPS_inspection_bypass.  This custom app is only used in HTTPS inspection policy.

Since there is a lot of traffic to this domains this custom application is almost always on the top of the TOP applications list in the reports and the granular visibility per application/site is lost. So, instead of gmail.com, microsoft.com, lync.com etc., we only get HTTPS_inspection_bypass as an application, swallowing all the included domains, making reports somewhat lacking in precision.

I'm quite sure this is by design, but is there a way around that?

top_apps.JPG

 

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2020-11-27 09:04 AM

Perhaps instead of creating a single object, you create multiple and put them in a group in the rule instead?

0 Kudos
Amir_Senn
Employee
Employee
‎2020-11-29 12:45 AM

I suggest going to the filters and filter this application out.

Select "Application Name" "Not Equals" "<custom_application_name>"

If you have issues with that you can also try to use "Custom Filter"

Kind regards, Amir Senn
0 Kudos
D_W
Advisor
‎2020-12-01 12:01 AM
In response to Amir_Senn

Hello

it seems I have the same question (https://community.checkpoint.com/t5/Logging-and-Reporting/Show-application-group-members-in-reports/...)..

So now I added these filters but now i do not see any hits from this custom application right?

Cheers,
David

0 Kudos
Borut
Collaborator
Collaborator
‎2020-12-01 12:40 AM
In response to D_W

Hi

yes, i have the same concern. If you're talking about report filters, then nothing contained in the custom app will show in the report. 

@D_W probably described our intentions better in his post: We would prefer to see the group members instead of the groups in the reports.

0 Kudos
anstelios
Collaborator
‎2022-05-04 05:22 AM

2022 still this is the default behavior..

Is there a way to enforce logs/reports to ignore custom application category tag (not the data, just the tag) and try to show the real application on the report/log ??

A lot, if not all, of customers are asking for this...

0 Kudos
Jimmy_Noel
Participant
‎2023-03-12 05:57 AM

Hello!

Are there any updates on this issue?

We recently switched our url-filter from another vendor to checkpoint.
We need reports to see every website (not grouped by custom application objects).
(We have several custom applications with about 100 urls.)
We can not present this kind of report to our internal affairs department.

Maybe are there any workarounds?

0 Kudos
Amir_Senn
Employee
Employee
‎2023-03-12 09:21 AM
In response to Jimmy_Noel

If you want to see all the application you will need to use a table widget.

The tables are also limited to a specific number that could be shown on screen but if you edit the view/report settings and check the "Split table over multiple pages" and select your table and "No page limit". Now when you perform export on this view it will show all the matches will split it across as many pages as needed.

Kind regards, Amir Senn
Capture.PNG
Preview file
77 KB
0 Kudos
anstelios
Collaborator
‎2023-03-12 10:19 AM
In response to Jimmy_Noel

Very common issue after migrating from another vendor.

The only solution still remains what PhoneBoy said on the first answer,
Ditch the custom applications containing 100 URLs, and create one custom application for each URL with a name that is related to the URL so you can understand it in the reports... !!!
Then group these custom applications so you can use the groups in the rules.

Harsh,,,, I know..!!!

 

0 Kudos
Jimmy_Noel
Participant
‎2023-03-17 09:53 AM
In response to anstelios

Thank you for your replies.
Well i unterestimated the amount of url entries.
In total we have above 3000 url entries... (yes) 
So we are still thinking about alternatives.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top