This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Juan_Concepcion
Advisor
‎2017-09-27 02:03 PM

R80.10 SmartEvent

I am starting this discussion in an effort to get feedback on what other's experiences are with SmartEvent.  It seemed like it was solid up until R80.10.  Since this build I've had multiple issues with the product:

  1. R80.10 SME --> R80.10 (Upgraded Manager) - can't get the database to sync
  2. R80.10 SME --> R77.30 - couldn't get them to communicate and after some digging found that they were having issues communicating via sic.  Had to go into $FWDIR/conf/fwopsec.conf and uncomment line 54 on both devices and restart services for it to work.
  3. R80.10 SME --> R80.10 (Fresh build) -- Everything seems to work fine but when I try to log into SmartEvent settings it just pops up the login prompt.
  4. R80.10 SME doesn't send e-mails for scheduled reports (runs them fine)
  5. R80.10 SME when configuring a scheduled report e-mail address disappears when you change the time schedule and save.

Would be very interested in finding out what other folks experiences were.

6 Replies
Danny
MVP Platinum
MVP Platinum
‎2017-09-27 04:05 PM

SmartEvent R80.10 is the best Event Analyzer, Viewing and Reporting Tool I have ever seen.

It's easy to set up, features all kind of customization options, allows for quick and easy Security Check Up's, even provides languages support, handles third-party log formats, also connects to an R77.30 Security Management Server, can be completely managed Web-based (SmartView) within your browser > I recommend this to all our customers.

https://smartevent.server/smartview

Report Generation was an issue sometimes, but Check Point fixed it, so install the latest HFA.

When setting it up, don't forget to configure it via the classic SmartEvent GUI initially (C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10\PROGRAM\AnalyzerClient.exe) in order to define Correlation Units, Install Event Policy, define Automatic Reactions such as E-Mail Alerts etc. The SmartEvent reports and views can then easily be generated via the consolidated R80.10 GUI.

0 Kudos
Juan_Concepcion
Advisor
‎2017-09-27 04:16 PM
In response to Danny

While I appreciate the copy/paste I'd like some real world feedback.

Thanks,

Juan

Danny
MVP Platinum
MVP Platinum
‎2017-09-27 04:22 PM
In response to Juan_Concepcion

This is real world feedback. You described a lot of issue's I'm not experiencing when working with SmartEvent at all. I've taken the screen shots and information above from actively running SmartEvent servers and didn't copy them off a website or something.

0 Kudos
Juan_Concepcion
Advisor
‎2017-09-27 05:13 PM
In response to Danny

Again appreciate the feedback.

Sent from my iPhone

0 Kudos
Daniel_Kavan
MVP Gold
MVP Gold
‎2022-04-15 06:41 AM

I love smartevent.    And the auditors want to see more.  Is there a way to export the policy?  For every audit I have to take screen shots of every defense policy ie Scans section, DoS, Anomalies, etc .   I see an option File - Export Events to csv file, but its grayed out.  Plus, I suspect that is for events not the policy itself.    Seeing the policy in a pdf or csv might make it easier for the security team & auditors to review.  And save me from using the snipping tool.

the_rock
MVP Platinum
MVP Platinum
‎2022-04-15 06:54 AM
In response to Daniel_Kavan

I believe you are correct, I could not find option to export the policy either, just the events. I agree it would be nice to have that ability. Happy holidays : - )

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events