This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Marcos_Martinez
Explorer
‎2017-07-24 06:40 AM

Drop Logs Analyzer

Hi Team, My name is Marcos and I would like to find the most efficient way to analyze the drops recorded at the CheckPoint logs (SmartLog R77.30). This way I can identify if there are valid communications that need to be allowed in our network or if we may need to contact the source of these drops to stop sending not permitted packets.

I hope someone can help me with the appropriate tool/knowledge to perform this task.

Something interesting could be to find the way to sort these drops based on source/destination IP address, the number of times they are hitting the firewall...

Thanks for your help in advance.

Best regards,

Marcos M.

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2017-07-24 07:20 AM

Unfortunately, the amount of detail you get from a Drop log won't necessarily tell you whether it should be permitted or  not as that's a matter of the specific policy your organization has set.

That said, you can easily find all the drops and find "top talkers" and the like in SmartLog.

Use the search term Action:Drop in order to find all the recent dropped and logged packets.

You can then drill into the top sources/destinations as appropriate.

As you click items under the "Tops" tab on the right, your search terms will be adjusted to show only packets that match that criteria.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events