Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rolando_Panez
Employee
Employee
Jump to solution

Where are the IPS protection Follow-up flags?

Is there a new way to handle IPS protection updates?

0 Kudos
1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor

several additions to the IPS Protections page for R80.10 (currently available in EA through Check Point User Center):

- Logs for all protections in current filter: When you filter the protections, you can select to see logs for all the given protections by the filter. Available from either the toolbar under "Actions", or from the logs bottom pane by clicking "Show logs for all protections in this view". This can be used to see logs for all protections marked as staging which, as some of you mentioned, is a gap closure from R77.30. Logs for IPS Protections in staging is also available from the SmartLog or SmartEvent queries tree.

 

Your feedback is welcome.

Updated toolbar:

toolbar.png

Updated bottom pane:

bottompane.png

IPS-related queries from Logs & Monitor:

ipstree.png

View solution in original post

0 Kudos
2 Replies
Tomer_Sole
Mentor
Mentor

Follow-up flags are not supported in R80. They are expected to return with new capabilities in the next releases of the Security Management - the option to have multiple categories of flags, for example.

Staging Mode takes more presence in R80. After performing an IPS Update, all new protections are in "staging mode", which is Detect, with a small icon that represents that no manual action was yet taken by the admin. The IPS Protections view has a filter "staging" on the right-side of the view.

For more on Staging IPS Protections, see What are IPS Staging Protections? And how do we clear them?

Tomer_Sole
Mentor
Mentor

several additions to the IPS Protections page for R80.10 (currently available in EA through Check Point User Center):

- Logs for all protections in current filter: When you filter the protections, you can select to see logs for all the given protections by the filter. Available from either the toolbar under "Actions", or from the logs bottom pane by clicking "Show logs for all protections in this view". This can be used to see logs for all protections marked as staging which, as some of you mentioned, is a gap closure from R77.30. Logs for IPS Protections in staging is also available from the SmartLog or SmartEvent queries tree.

 

Your feedback is welcome.

Updated toolbar:

toolbar.png

Updated bottom pane:

bottompane.png

IPS-related queries from Logs & Monitor:

ipstree.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events