@Amir_Senn I can never remember, will try it later in the lab...adding sam rules does not need policy install, right?

Best,

Andy

Correct

Thats what I thought...thanks!

Good morning Amir and thank you.

I've set two rules under "Scans" as you can see using SmartEvent.  The automatic actions are email and block source.  See Pic:

When I go into SmartView Monitor there are no rules active:

Any ideas about what may be wrong?

Thanks again!

Hey brother,

I could be mistaken when I say this, but Im fairly positive blocking those settings in smart event does NOT add any entries in  SAM rules portion.

Also, question for @Amir_Senn ...sorry to hit you with so many ?s, apologies, but just curious, is there a way to say add bulk of IPs in sv monitor for sam rules, ie import csv file rather than keep adding entries manually? I checked all the settings, but does not appear that might be possible...

Best,

Andy

Thanks Andy.  So the rules I added are not SAM rules or...they are but not shown in SmartView Monitor (if that's the case that's confusing no?)  

From the link I published before, the syntax for adding a rule is this:

fw [-d] sam_policy add [-u] -a {d|n|b} [-l {r|a}] [-t <Timeout>] [-f <Target>] [-n <"Rule Name">] [-c <"Rule Comment">] [-o <"Rule Originator">] [-z "<Zone>"] ip <IP Filter Arguments>

I think that even a bash script can be easily implemented here.

Every IP has it's own row, with a loop according to the number of rows in the file. If you want all settings to be the same you can just insert IP in appropriate place in the command. Additional fields will require additional columns in the file.

Definitely adds SAM rule. Here's an example I just did in my lab:

If you don't see a rule there I would say the thing to check is that the event you selected was matched. Best way to see is if a correlated event log was created: