This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nader_Assi
Explorer
‎2017-06-26 08:13 AM

Events tab in R80.10 removed?

Hi,

I've noticed that many tabs in R80.10 SmartEvent GUI client have been removed, especially the "Events tab". I didn't find any official notes from CP regarding this change. I'm assuming it has been integrated inside the R80.10 SmartConsole however I can't find any equivalent of the legacy "Events Tab".

Can anybody confirm this change? And how/where to review the Events (other than using the Views)?

Thanks,

Nader

0 Kudos
11 Replies
Marko_Keca
Contributor
‎2017-07-27 03:42 AM

Hello Nader,

You're right, Events tab is integrated in R80.10.

I had conversation with Check Point Management Technology Leader about that topic and here are the answers:

Regarding integration:

"As I understand, you had recently upgraded your SmartEvent server to R80.10 and you are missing some of the tabs that existed before.

I would like to let you know that this is actually by design, as the tabs you are “missing” are actually integrated into the SmartConsole and removed from the legacy SmartEvent GUI."

Regarding replacement:

"The replacement for the Events tab is simply the Logs tab in R80.10 under Logs & Monitor section."

Regards,

--

Marko

0 Kudos
PBC_Cyber
Contributor
‎2017-07-27 11:00 AM
In response to Marko_Keca

It also appears to occur when using r77 management, So does that mean R80.10 smartevent is no longer backwards compatible, because the documentation seems to indicate otherwise.

Bryan

0 Kudos
PhoneBoy
Admin
Admin
‎2017-07-27 12:32 PM
In response to PBC_Cyber

Yes, it is still backwards compatible.

The lack of "Events" tab has nothing to do with backward compatibility, it's just the UI in R80+ is very different from R77.x

Along the top of the Logs and Monitor view, you will see a tab with a plus; click that.

From there, you can select the view/report you are interested in (similar to how the Events tab worked).

If there's something specific you'd like to see from the Events tab in R77.x that you can't find in R80.10, let me know.

0 Kudos
Pravesh_Jangbah
Explorer
‎2017-10-24 05:58 AM

I'm unable to find the button/menu to close events.

The Admin Guide does not mention closing events, did that change also?

0 Kudos
PhoneBoy
Admin
Admin
‎2017-10-24 07:08 AM
In response to Pravesh_Jangbah

The ticketing features are missing from SmartEvent R80.10 currently, as documented here: Check Point R80.10 Known Limitations

0 Kudos
Amos_Reiss
Employee
Employee
‎2018-05-24 12:13 AM
In response to PhoneBoy

Customers that use ticketing today in SmartEvent on R77.30 and needs an upgrade please ask your SE to open RFE ticket to solution center so we can plan it.

Botond_Velkei
Explorer
‎2018-02-15 06:43 AM

In fact, I can't find the events generated based on the "Event Policy" settings in any views in the "Logs & Monitor" section. Also, in the R77.30 Smart Event, you could view the "important security events" under the "event" tab, not limited to the IPS or Threat prevention events.
What I'm missing is the firewall blade's security related events in a view, that should contain the "Event Policy" based events (like. scans from external host) and the "Inspection settings" based events (like non compliant dns).

0 Kudos
PhoneBoy
Admin
Admin
‎2018-02-15 09:34 AM
In response to Botond_Velkei

They are not prebuilt but it's easy to create a view with this information.

I don't recall if I got the views EXACTLY as they were in R77.x, but this should be enough to get you started to create whatever view you're looking for.

I created a view that looks something like this:

To create a view, in Logs and Monitor (or in SmartView) you click the Plus, then click Views > New > New Views

Give it a name, Click Ok.

Then you create a couple of widgets:

The filter for this widget is:

The Inspection Setting widget looks like:

The filter: 

(Note I also checked the two "Engine Settings" options as well)

Botond_Velkei
Explorer
‎2018-02-16 01:03 AM
In response to PhoneBoy

Thanks for your ideas!

In fact, I've started to create my own views and reports too, but gave it up since I've found it's not working as intended. 

In views, if I add a new field in the widget settings, sometimes the content / result of the widget is empty, and even so if I delete the new field, the original content is gone and the table is empty. :S I need to re-crate the widget from scratch.

Also, in the reports, the filtering has bugs. Sometimes, adding an additional filtering criteria makes the report unusable. A red mark appears at the filtering setting, and the settings can not be corrected. Even after restarting the client, it remains the same, and I have to create a new report. 

Thanks anyway! I'm sure I will create views based on your suggestions! Smiley Happy

0 Kudos
Kfir_Dadosh
Collaborator
‎2018-02-18 09:12 AM
In response to Botond_Velkei

Hi Botond,

Can you please share your debug logs with us, so we can look into the filter "red mark" error?

As for the events grid, it was removed in R80.10, and we are planning to add a new feature in R80.20 to allow grouping logs, giving a similar, but more powerful, experience to the Event Grid.

We used to have a view called Correlated Events, although now I see it is missing, but as Dameon suggested, you can create your own pretty easily (aside from the issues you are experiencing).

0 Kudos
Botond_Velkei
Explorer
‎2018-02-21 07:03 AM
In response to Kfir_Dadosh

Hi Kfir,

I've opened a case at CP, so they are going to investigate it tomorrow via a remote session. I'll get back with the result. Smiley Happy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events