Hi everyone,
I've just enabled the Content Awareness blade, and it's a very useful blade for seeing what files are being transferred inbound and outbound in the company e-mail system.
When I started to search and analyze the logs, I became aware that there is no forensic e-mail data, such as the most important sender and recipient fields... Without sender and recipient information, an e-mail security log file is useless, because it's like a FW log without source and destination.
As a matter of course, I asked local CP Turkey support for this feature and they escalated my question to CP Global. The answer is below, which never satisfies me:
Hello Turgut
Here is our developer's reply for your issue:
-You will only see sender and receiver when the e-mail is destined to the Check Point MTA.
-MTA supports TE, AV and Anti-Spam.
-Content Awareness will not work with MTA, and the e-mails are processed in streaming mode (SMTP). Therefore the logs will not show sender and receiver details.
Regards,
Medhat Girgis – Technical Support Engineer
As a customer, I would like to have forensic e-mail security related data fields in SmartLog, and I would also like to have e-mail related syntax (like recipient, sender, subject etc.) for the Threat Emulation, Threat Extraction, Anti-Spam & E-Mail Security, and Content Awareness blades and features.
Thanks
Evren Buyer