Traffic visual presentation from logs
Hello Team,
I have only one rule (accept all "clean-up") in the security policy.
We need a granular policy above the cleanup rule, and to set the cleanup action at the end to Drop.
The customer is "blind" to traffic, with no requirements and specification.
Is there any way of analyzing rule logs without going manually through the logs in SmartConsole?
Any script to present traffic (IPs, ports, services, ...) in HTML or similar?
It would save our lives 🙂
Thank You in advance.
Labels: Logging, Monitoring
Such tools typically present your existing policy in a Web format.
Since yours is not yet defined, there are two options that come to mind: engage PS to assist in performing log analysis.
You might also choose to investigate NDR to help gain some valuable insights.
Is SmartEvent enabled? Have you tried the predefined views and reports?
You could also enable app-control and URL filtering to start getting insights above layer 4.
I'd also suggest, from a layer 4 perspective:
https://community.checkpoint.com/t5/General-Topics/Tip-of-the-Week-connstat-Utility/td-p/88570
Connstat analyses snapshots of the connections table.
And CPmonitor analyses traffic captures.
Juan
Hello,
SmartEvent is enabled. I tried with reports, but it is not so relevant for catching all services in detail.
You could try to use the views generated by the Monitoring blade (it needs to be enabled).
Go to SmartConsole > Gateways & Servers > select the relevant Security Gateway > apply Monitor
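The log analysis asked about in this thread can be sketched as follows. This is an added example, not part of any poster's reply and not a Check Point tool: it groups accepted connections from a CSV log export by destination and service, so each group is a candidate for a granular rule above the cleanup rule, and renders the result as an HTML table. The column names (Source, Destination, Protocol, Port, Action) and the sample rows are assumptions and must be adapted to the real export.

```python
import csv
import html
import io
from collections import defaultdict

# Constructed sample standing in for a CSV log export. The column names are
# assumptions; rename them to match the headers of your own export.
SAMPLE_CSV = """Source,Destination,Protocol,Port,Action
10.1.1.10,10.2.2.20,tcp,443,Accept
10.1.1.10,10.2.2.20,tcp,443,Accept
10.1.1.11,10.2.2.20,tcp,443,Accept
10.1.1.10,10.3.3.30,udp,53,Accept
10.1.1.12,10.2.2.20,tcp,22,Drop
10.1.1.10,10.3.3.30,udp,53,Accept
"""

def candidate_rules(log_file, action="Accept"):
    """Group log rows with the given action by (destination, protocol, port)."""
    groups = defaultdict(lambda: {"sources": set(), "hits": 0})
    for row in csv.DictReader(log_file):
        if row["Action"].strip().lower() != action.lower():
            continue
        key = (row["Destination"].strip(), row["Protocol"].strip().lower(),
               int(row["Port"]))
        groups[key]["sources"].add(row["Source"].strip())
        groups[key]["hits"] += 1
    # Busiest services first; ties broken by key for stable output.
    ordered = sorted(groups.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return [(dst, proto, port, sorted(g["sources"]), g["hits"])
            for (dst, proto, port), g in ordered]

def to_html(rules):
    """Render candidate rules as an HTML table, escaping every log value."""
    out = ["<table>", "<tr><th>Destination</th><th>Protocol</th><th>Port</th>"
           "<th>Sources</th><th>Hits</th></tr>"]
    for dst, proto, port, sources, hits in rules:
        cells = (dst, proto, port, ", ".join(sources), hits)
        out.append("<tr>" + "".join(
            f"<td>{html.escape(str(c))}</td>" for c in cells) + "</tr>")
    out.append("</table>")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_html(candidate_rules(io.StringIO(SAMPLE_CSV))))
```

Each output row lists one destination service with the sources seen talking to it, which maps directly onto a draft accept rule to review with the customer before the cleanup rule is switched to Drop.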
