This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
constant69
Contributor
‎2021-03-23 12:53 AM
Jump to solution

Monitor the application usage for our users

Hello Team,

 

We are trying to monitor the application usage for your users.

HTTPS Inspection is enabled.

I have attached a afileand you can see from the screenshot provided, that some applications that we have in the rule explicitly work correctly, but something like Facebook, does not.

From what we have observed, we need to explicitly place the application in the application section. Since Facebook was not, but Evernote was, Evernote was logged in, but not Facebook.

 

I hope I can find somebody here to confirm that.

 

Regards

Preview file
359 KB
0 Kudos
1 Solution

Accepted Solutions
constant69
Contributor
‎2021-04-01 12:27 PM
In response to Martin_Raska
Jump to solution

The solution consist to select "Detailed Log" in the field Track

image.png

View solution in original post

0 Kudos
13 Replies
G_W_Albrecht
Legend Legend
Legend
‎2021-03-23 01:10 AM
Jump to solution

screenshots are much too small to be able to see anything, and i do not understand your question !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
constant69
Contributor
‎2021-03-23 01:16 AM
In response to G_W_Albrecht
Jump to solution

image.png

I have attached a screenshot of the both rules.

 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-03-23 02:42 AM
In response to constant69
Jump to solution

But what is your question ? This rule does not make sense to me, as you allow something, and in next rule, allow all ?

I can see neither evernote nor faceboog here...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
constant69
Contributor
‎2021-03-23 02:54 AM
In response to G_W_Albrecht
Jump to solution

We are trying to monitor the application usage for your users and my intention was to create only one rule (the second in the picture) and I have created both rule for the following test

- If we gain access to “evernote” or “gmail”, the rule 1 of layer “Application” log correctly field “Application Control”
- If we gain access to another “Application Control” (Like Facebook), the rule 2 of layer “Application” does not log the field “Application Control”.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-03-23 03:11 AM
In response to constant69
Jump to solution

Look into https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_NexGenSecurityGateway_Guide/... on how to do this! As long as no services and applications are added to the column, rule will not match, also see sk73220 ATRG: Application Control for details of matching.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
constant69
Contributor
‎2021-03-24 02:11 AM
In response to G_W_Albrecht
Jump to solution

I'm going to read sk73220 ATRG again, maybe I forgot something.

Precision: the rule 2 match for others applications (Those not specified in the rule 1), but the logs related to this rule 2  haven't got the information related to "Application Control"

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2021-03-24 02:15 AM
In response to constant69
Jump to solution

You can ask TAC and let them explain it to you 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2021-03-23 01:50 PM
In response to constant69
Jump to solution

Set the Track for Rule 2 to be Detailed Log as otherwise it is not necessary for App Control to be active for this rule to be enforced otherwise.

constant69
Contributor
‎2021-03-24 02:07 AM
In response to PhoneBoy
Jump to solution

I have tried set the track for rule 2 to be Detailed Log and the result is the same: this rule match but I still haven't got the information related to "Application Control"

0 Kudos
Martin_Raska
Advisor
Advisor
‎2021-03-24 03:28 AM
In response to constant69
Jump to solution

are you look at logs with blade: Application Control?

0 Kudos
constant69
Contributor
‎2021-03-24 08:44 AM
In response to Martin_Raska
Jump to solution

Yes!

0 Kudos
Martin_Raska
Advisor
Advisor
‎2021-03-30 02:18 AM
In response to constant69
Jump to solution

Show us the rules you are trying to hit and the exact log you are actually hitting.

0 Kudos
constant69
Contributor
‎2021-04-01 12:27 PM
In response to Martin_Raska
Jump to solution

The solution consist to select "Detailed Log" in the field Track

image.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events