This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Mahadevan
Contributor
‎2023-03-30 02:05 AM

SmartDefense Alert log having NULL in Action Field

Hello All, 

Could please anyone let us know why we are getting NULL as action field in Smart Defense Alert logs. 

- [alert:""; flags:"286784"; ifdir:"inbound";....... 

Will Alert logs of SmartDefense not have value in Action field? 

Also we do see Accept, Drop and Prevent logs in action just the Alert logs are coming as empty in Action field. 

Your assist will be of great help to us. 

Thanks 
Muthu Mahadevan 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-03-30 07:53 PM

What version/JHF?
Can you provide a full log card for the relevant entry in SmartView? (Redact sensitive details)

Mahadevan
Contributor
‎2023-03-30 09:35 PM
In response to PhoneBoy

Hello, 

Thanks for your response. Below is our log for SmartDefense Alert log. 

- [alert:""; flags:"286784"; ifdir:"inbound"; loguid:"{0x886d04f8,0x275c7b0c,0x370475f0,0x77efba26}"; origin:"x.x.x.x"; originsicname:"cn=cp_mgmt,o=CHKP_R81..b792qm"; sequencenum:"11"; time:"1677752746"; version:"5"; attack_info:"SYN Defender: New config has been loaded: Disabled"; confidence_level:"5"; industry_reference:"CVE-2002-1433, CVE-1999-0116, CA-1996-21"; performance_impact:"5"; product:"SmartDefense"; protection_id:"SynAttackConfiguration"; protection_name:"SYN Attack"; protection_type:"protection"; severity:"3"; smartdefense_profile:"No_protection_5c852822be90f306"; syn_defender:"SYN Defender: New config has been loaded: Disabled"]

Could you please also let me know if all the alert logs will have Field value as Null for Action

or will some Alert logs in SmartDefense will have value to the field - alert:"" ? 

Your assist will be of great help to us. We are using Version R81 

Thanks 
Muthu Mahadevan 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-03-31 09:31 AM
In response to Mahadevan

The Action field is likely null because this log was not in regards to a specific flow.

For information about the various fields and expected values, see: https://support.checkpoint.com/results/sk/sk144192

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events