Evren_Buyer
Contributor

Is there a way to see recipient and sender forensic data in Content Awareness blade logs?

Hi everyone,

I've just enabled the Content Awareness blade and it's a very useful blade for seeing what files are being transferred inbound and outbound in the company e-mail system.

When I started to search and analyze the logs, I became aware that there is no forensic e-mail data, like the most important sender and recipient fields... Without sender and recipient information, an e-mail security log file is useless, because it's like a FW log without source and destination.

As a matter of course, I asked local CP Turkey support for this feature and they escalated my question to CP Global. The answer is below, which never satisfies me:

Hello Turgut

Here is our developer's reply for your issue:

- You will only see sender and receiver when the email is destined to the Check Point MTA.
- MTA supports TE, AV and Anti-Spam.
- Content Awareness will not work with MTA and the emails are processed in streaming mode (SMTP). Therefore the logs will not show sender and receiver details.

Regards,

Medhat Girgis – Technical Support Engineer

As a customer, I'm willing to have forensic e-mail security related data fields in SmartLog, and also willing to have e-mail related syntax (like recipient, sender, subject etc.) for the Threat Emulation, Threat Extraction, Anti-Spam & E-Mail Security, and Content Awareness blades and features.

Thanks

Evren Buyer

