This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
maxtaan
Contributor
‎2023-08-13 02:19 AM
Jump to solution

Want to monitor, who change/edit the rule/Object in smartconsole.

In my smart console environment, there are several users. They edit and, change the rule as required. By the time, one user edits a log 25 days ago and I want to know who edits that rule by search in future. Is there any option/way to identify which user edits the rule or changes by searching the rule number?

0 Kudos
1 Solution

Accepted Solutions
JozkoMrkvicka
Authority
Authority
‎2023-08-13 06:28 AM
Jump to solution

1. Copy rule UID by right-click on the affected rule number and select "Copy Rule UID"

2. Open Audit Logs and paste copied rule UID into search string

3. Select proper timeframe (all time)

As long as the audit logs are not deleted or overwritten, you should be able to see all actions for affected rule (who and when created that rule, who and when changed that rule, who and when disabled/deleted that rule).

Kind regards,
Jozko Mrkvicka

View solution in original post

0 Kudos
3 Replies
JozkoMrkvicka
Authority
Authority
‎2023-08-13 06:28 AM
Jump to solution

1. Copy rule UID by right-click on the affected rule number and select "Copy Rule UID"

2. Open Audit Logs and paste copied rule UID into search string

3. Select proper timeframe (all time)

As long as the audit logs are not deleted or overwritten, you should be able to see all actions for affected rule (who and when created that rule, who and when changed that rule, who and when disabled/deleted that rule).

Kind regards,
Jozko Mrkvicka
0 Kudos
Blason_R
Leader
Leader
‎2023-08-13 06:49 AM
Jump to solution

Simple way set up a elasticsearch and and filebeat and route your logs from checkpoint mgmt server using cp_log_export with cef forwarder and that way you  can create dashboard or setup alerts if you are using opensearch.

This is defacto mechanism I use

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
maxtaan
Contributor
‎2023-09-16 10:48 PM
Jump to solution

Hello @JozkoMrkvicka 

Thank uou so much. Following this, my problem is solved.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top