I'm trying to be able to identify via LEA when an inline rule is being hit. Currently LEA is only returning the rule uid of the Parent rule.
For example if you had a policy that looked something like:
Rule 1 Action: Inline_Layer_1
Rule 1.1
Rule 1.2
Rule 1.3
I'd consider Rule 1 the parent rule and Rule 1.1, 1.2, 1.3 the child rules.
Let's say that Rule 1 and Rule 1.1 were hit.
Currently via LEA we are getting the rule uid of Rule 1. However we're not getting the rule uid of Rule 1.1. So we can tell how many hits an entire Inline policy is getting (which equals the number of hits of Rule 1), however we're unable to tell via LEA which of the Inline rules are being utilized.
Since you have to tell LEA what fields to include in the data it sends, what identifier do we need to utilize to get LEA to send the rule uid of a child inline rule when hit.
| User | Count |
|---|---|
| 9 | |
| 5 | |
| 5 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management WorkshopThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEATue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsThu 05 Dec 2024 @ 10:00 AM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - EMEAThu 05 Dec 2024 @ 05:00 PM (CET)
Impactful Intelligence: Introducing Check Point Infinity External Risk Management - AMERTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
