*** Update ***
Hey,
A few months ago, we started to work on the new dashboard for Threat Prevention investigation methods.
I am happy to announce that we formally released the version for R80.10 under the following SK: sk134634
***
Hey all,
We are considering adding new dashboards to Smart View, and would love your input.
One of them is the 'Threat Prevention Cyber-attacks dashboard', divided into business questions:
For each question, we created a drill-down dashboard (by double-clicking the number or the text, you will deep-dive into the next dashboard).
By double-clicking again on an IOC (Indicator of Compromise), you will get the logs of the attack you are interested in that are related to this IOC. The dashboard is divided into prevent & detect sections.
Examples:
FAQ
How can I upload the dashboard into my environment?
If I find a malfunction/have a suggestion for one of the views, what should I do?
Can I copy some of the widgets into my own dashboard?
Of course: right-click the title of the widget and copy it.
For which versions does this dashboard work?
This dashboard was created for version R80.10 and above.
For which blades is this dashboard relevant?
Anti-Bot, Anti-Virus, IPS, Threat Emulation
Thanks,
Oren
Excellent post! Thanks a lot for the templates!
Hi Oren.
Do you have to have all four blades enabled to use the reports?
-Jason
Hey Jason,
You don't need all four of them to be enabled to get some of the logic.
Let's take an example for detected malicious mails:
((blade:ips AND action:Detect AND ("Adobe Reader Violation" OR "Content Protection Violation" OR "Mail Content Protection Violation" OR "SMTP Protection Violation" OR "Phishing Enforcement Protection" OR "Adobe Flash Protection Violation") AND confidence_level:(Medium OR Medium-High OR High)) OR (blade:"Threat Emulation" AND action:Detect AND confidence_level:(Medium OR Medium-High OR High)) OR (blade:Anti-Virus AND action:Detect AND confidence_level:(Medium OR Medium-High OR High))) AND smtp
You can see in this query the different blades and what we are looking for in each one of them in the high-level query.
If you have only one blade enabled, you will get only a part of the 'story'. If you enable all of them, you will get the full story of the mail vector with multiple stages of protection in different layers (Network/File protection (IPS) -> known hashes (Anti-Virus) -> Zero-Day attacks (Threat Emulation)).
If you don't have all of them enabled in your network, I can advise you to talk to your SE and enable them for a short period of time. In this way you will be able to see the full value of the product, already divided into attack vectors.
If you want to share with me the results you have now and discuss them to better understand the attack flows against your network, you are welcome to send me an email (and add your SE in CC).
Thanks,
Oren
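The "detected malicious mails" query above, expressed as a filter over constructed log records (an added example, not code from the post or from Check Point) to show which blade contributes which part of the story. Field names such as protection_name and service, and the treatment of the free-text term "smtp" as a match against any field value, are assumptions.

```python
# Added example: the thread's "detected malicious mails" query as a Python
# filter, run over constructed sample logs (not real Check Point log output).
from collections import Counter

IPS_MAIL_PROTECTIONS = {
    "Adobe Reader Violation", "Content Protection Violation",
    "Mail Content Protection Violation", "SMTP Protection Violation",
    "Phishing Enforcement Protection", "Adobe Flash Protection Violation",
}
CONFIDENCE = {"Medium", "Medium-High", "High"}

def is_detected_malicious_mail(log):
    """Mirror of the query: action Detect, confidence Medium/Medium-High/High,
    the free-text term 'smtp' present (assumed: any field value), and either an
    IPS mail-related protection, Threat Emulation, or Anti-Virus."""
    if log.get("action") != "Detect" or log.get("confidence_level") not in CONFIDENCE:
        return False
    if not any("smtp" in str(v).lower() for v in log.values()):
        return False
    blade = str(log.get("blade", "")).lower()
    if blade == "ips":
        return log.get("protection_name") in IPS_MAIL_PROTECTIONS
    return blade in ("threat emulation", "anti-virus")

SAMPLE_LOGS = [  # constructed records; field names are assumptions
    {"blade": "IPS", "action": "Detect", "confidence_level": "High",
     "protection_name": "Phishing Enforcement Protection", "service": "smtp"},
    {"blade": "IPS", "action": "Detect", "confidence_level": "High",
     "protection_name": "SQL Injection", "service": "http"},      # not mail
    {"blade": "Anti-Virus", "action": "Detect", "confidence_level": "Medium",
     "protection_name": "Known malicious hash", "service": "smtp"},
    {"blade": "Threat Emulation", "action": "Prevent", "confidence_level": "High",
     "protection_name": "Exploited docx", "service": "smtp"},     # prevented
    {"blade": "Threat Emulation", "action": "Detect", "confidence_level": "Low",
     "protection_name": "Exploited pdf", "service": "smtp"},      # low confidence
    {"blade": "Threat Emulation", "action": "Detect", "confidence_level": "Medium-High",
     "protection_name": "Exploited xls", "service": "smtp"},
]

def malicious_mails_by_blade(logs, enabled_blades=None):
    """Count matching logs per blade; enabled_blades simulates which blades
    are switched on, so a single blade yields only part of the story."""
    counts = Counter()
    for log in logs:
        if enabled_blades is not None and log["blade"] not in enabled_blades:
            continue
        if is_detected_malicious_mail(log):
            counts[log["blade"]] += 1
    return dict(counts)

if __name__ == "__main__":
    print(malicious_mails_by_blade(SAMPLE_LOGS))  # {'IPS': 1, 'Anti-Virus': 1, 'Threat Emulation': 1}
    print(malicious_mails_by_blade(SAMPLE_LOGS, {"IPS"}))  # {'IPS': 1}
```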
Awesome. Thank you for sharing
Nice dashboard. I have imported the template in my lab. Nice look.
Thanks,
If you have any insights/changes you think we should make, please contact me.
Very good!!!
Oren,
Thank you for sharing!
One thing I would like to note is that the text in some of the grid-based widgets is obstructed:
When you go into editing mode and display grid lines, the text is shown properly, as it is in the green frame.
However, in normal view, the bottom line is only partially shown, as depicted in the red frame highlighted section.
I do not see the means of adjusting the frames to accommodate the text properly.
I am not sure if it's simply my inability to find the right setting or a minor bug, but would appreciate you looking into it.
Thank you again,
Vladimir
Hey,
I will look into it.
The simple solution is to use a different template for the text box.
I am working on the next release for CheckMates and I think it will be possible to fix it for that.
I will post a new version in a few days and it would be great if you could test it.
Thanks,
Oren
It'll be my pleasure.
Much thanks! The main dashboard runs fine for me, but none of the CKC views will produce any results. Do you have any idea why that is, or a way for me to make them work?
Of course.
If you could share screenshots, it can help me to understand better and have a solution for it.
If you prefer a short Zoom session, I will fix it specifically for you and add the fix to the CheckMates release of next week; that would be great also.
I'm open for a Zoom session. I'll email you shortly.
More business questions from the community
Hey all,
For the next-next version (not the one I will release next week), I am looking for more dashboards you would like to have for threat prevention events.
I am interested to understand what the interesting questions are that you want to have an answer for (like 'how many malicious mails were sent to my network' or 'how many RECON attempts I had on my network').
I got lots of mails, inputs and Zoom sessions from the community and, based on your inputs, upgraded the threat dashboard for the R80.10 & R80.20 upcoming release.
Please keep sending me your inputs, and if there is a need for a Zoom session and a dedicated investigation of your logs, please send me the request and we will coordinate a time for it.
Thanks,
Oren
Version 1.2
The original attached file in the post was updated.
Hey all,
As promised, based on your inputs & Zoom sessions, I updated the threat dashboard:
Please keep sending me your inputs.
Thanks,
Oren
Hi Oren,
Thanks for the update. It is really nice to have such a dashboard where we can easily see important activities.
Looks much cleaner and easier on the eyes.
Thank you for continued efforts to get it refined and published so fast!
Hey,
Thanks for the feedback!
Please keep sending me improvements for the threat dashboard; your inputs are very important for us!
I am already working on the next version update.
Nice one!
Hi Oren,
I am looking for a URL Filtering user-specific report. I have tried to make a custom user report but am not able to pull all the data. Also, it takes a lot of time to go through all the tabs and see how it looks.
Please let me know if you have any template for such a report.
Excellent template, most useful. Thanks a lot for saving my time...
Hi Gaurav,
If you can be more specific on what you want to see in the report/view, I can try to help.
Hey Vladimir,
Thanks for the input.
After taking it up with the UX team (to discuss the way of presentation in R80.20), one of the inputs was to present the text as a hover and delete all the small lines of text from the main page. In the next few days I will upload a newer version with hovers that I think you will like.
Regarding the alignment of the grid, I will take it internally to verify that this is the behavior we wanted to achieve...
Thanks again for your inputs!
Oren
Hi Oren,
Do you have any plans for implementing icons that represent all the different types of icons R80.10 uses?
For example, using the icon for detect, and the possibility to use one's own icons?
Thanks
Hi Oren,
After some R&D, I succeeded in producing a report for one specific user. I have included the parameters below.
Web Categories accessed by User
URL accessed by User
Browse Time
Time stamp
Suspicious activity by user
Number of blades used by User
However, if you have any template, you can share it so that I can explore more.
Hey Kim,
Of course! We already created the relevant icons.
I will check if it will be relevant only for R80.20 or also for R80.10.
Thanks,
Oren
Hey Oren,
I will be looking forward to seeing the result in R80.20.
Also, it would be nice to upload your own icons in three different pixel sizes.
Thanks
Kim
Hey Kim,
I think it's a very good RFE.
Just remember that uploading an external file is always risky (you are using it today in Mobile Access, I know) and you are the uploader, BUT because of the security risk, the development of this kind of feature will not be extremely short.
Thanks,
Oren