hcampuzano
Participant

Traffic report of a single rule.

Hello mates,

I was requested to audit a couple of firewall rules. A report looks like the best option to accomplish that.

However, when trying to generate a report on the Smart View, by filtering the UID of that rule, I don't get any result.

I've tried the following queries with no luck:

rule:46f0ee3b-026d-45b0-b7f0-5d71f6d8eb10

layer_uuid_rule_uuid:*_46f0ee3b-026d-45b0-b7f0-5d71f6d8eb10

Both queries return empty searches. BTW, the rule has several hits.

Is it possible to get the report from the SmartView filtering the rule UID?

If not, what would be my best option?

Any help is appreciated.

0 Kudos
5 Replies
PhoneBoy
Admin

If you search for the raw UUID (i.e. without rule: or layer_uuid_rule_uuid) it should work.

0 Kudos
hcampuzano
Participant

It works only for Logs, not for Views or Reports.
I'm working with Smart View R81.20.

0 Kudos
PhoneBoy
Admin

Screenshots of what you're attempting to do, and where in the product, might be helpful.
Also, what kind of logs exactly are you filtering on?
Not all logs (connection logs in the firewall) are indexed by default, for instance. 

0 Kudos
hcampuzano
Participant

What I would like to get is a Network Activity Report of all the traffic matching a specific rule.
I thought the best way to accomplish it would be filtering by the rule UUID, like when looking for firewall logs.
Thanks for the assistance.

Network Activity Report by UUID.png

0 Kudos
PhoneBoy
Admin

That only shows me the report.
It doesn't tell me what steps you attempted to do.
I believe the correct way to do it is to select the Report Filter from the Options menu and add a filter:

image.png

However, that assumes the logs you are attempting to report on are indexed.
If the rule you are attempting to run reports on is a DROP rule, then you will need to modify it to ensure Sessions are logged.
See: https://support.checkpoint.com/results/sk/sk150452

If neither of these things apply, I suggest a TAC case: https://help.checkpoint.com 

0 Kudos
