This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Amir_Haiman
Employee
Employee
‎2018-08-29 01:39 AM

Now we allow You to define your own Gaia OS Best Practices

Compliance blade has a new ability to create new Gaia OS #best practices.

As you know, #compliance blade provides customers with security monitoring of other software blades against a built-in library of security best practices.

Examples of GAIA OS best practices create by check point expertise:

 

ID

Best Practice Blade

Security Best Practice

OS103

Gaia OS

Check that Network Access via Telnet is disabled

OS104

Gaia OS

Check that the IPv4 Static Routes contains a default route

OS108

Gaia OS

Check that the System Clock is set automatically using NTP

Now we allow our customers to define their own Gaia OS Best Practices.

 

How to create your own Best Practice for GAIA OS

If the user is accessing Compliance Blade for the first time: Click “LOGS & MONITOR”  => open a new tab by clicking  "+"  => Views => Compliance

Click "See All"

Click "New" => ‘Gaia OS Best Practice’

Enter Best Practice Name, Description, Action Item, Practice Script, Expected Output and click "OK".

Your new Gaia Best Practice will be added to the list of Best Practices And click "Publish".

 Navigate to MANAGE & SETTINGS => Blades => Select 'Compliance Settings'=> Select "Rescan"

After Rescan, click "OK".

Navigate to 'LOGS & MONITOR => Compliance'. The scan results for the new Gaia OS Best Practice are displayed.

FAQ

What is a “best practice”?

 A best practice is a specific recommendation developed by Check Point which defines the optimal way to configure Check Point security and management blades. Best practices receive a security status that helps you to understand how well the best practice is currently implemented in your own environment.

For which versions this feature is working?

This dashboard was created for R80.20 version and above.

Thanks,

Amir

Preview file
1 KB
2 Replies
Danny
Champion
Champion
‎2018-08-28 08:28 AM

My best practice:

 

  1. Check that community.checkpoint.com is accessible.
  2. Check that our ccc script  is installed.
  3. Check that Gaia Healthcheck is installed and up-to-date as it doesn‘t yet check for updates itself.
Amir_Haiman
Employee
Employee
‎2018-08-29 01:41 AM

Example:

Let say, for example that you what to verify that your Web Access is set for SSL version 3 on the Platform.

Just create your own best practice:

Name: Check that the Web Access is set for SSLv3 on the Platform.

Description: This checks that the Web Access to the GUI is set for SSLv3.

Action Item: Validate the SSLv3 settings are enabled on the configuration set on the Gaia OS.

Proactive ScripLink

Expected Output: on