This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rolando_Panez
Employee
Employee
‎2016-03-23 09:43 AM
Jump to solution

Where are the IPS protection Follow-up flags?

Is there a new way to handle IPS protection updates?

0 Kudos
1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor
‎2017-04-20 02:53 AM
Jump to solution

several additions to the IPS Protections page for R80.10 (currently available in EA through Check Point User Center):

- Logs for all protections in current filter: When you filter the protections, you can select to see logs for all the given protections by the filter. Available from either the toolbar under "Actions", or from the logs bottom pane by clicking "Show logs for all protections in this view". This can be used to see logs for all protections marked as staging which, as some of you mentioned, is a gap closure from R77.30. Logs for IPS Protections in staging is also available from the SmartLog or SmartEvent queries tree.

 

Your feedback is welcome.

Updated toolbar:

toolbar.png

Updated bottom pane:

bottompane.png

IPS-related queries from Logs & Monitor:

ipstree.png

View solution in original post

0 Kudos
2 Replies
Tomer_Sole
Mentor
Mentor
‎2016-03-24 12:23 AM
Jump to solution

Follow-up flags are not supported in R80. They are expected to return with new capabilities in the next releases of the Security Management - the option to have multiple categories of flags, for example.

Staging Mode takes more presence in R80. After performing an IPS Update, all new protections are in "staging mode", which is Detect, with a small icon that represents that no manual action was yet taken by the admin. The IPS Protections view has a filter "staging" on the right-side of the view.

For more on Staging IPS Protections, see What are IPS Staging Protections? And how do we clear them?

Tomer_Sole
Mentor
Mentor
‎2017-04-20 02:53 AM
Jump to solution

several additions to the IPS Protections page for R80.10 (currently available in EA through Check Point User Center):

- Logs for all protections in current filter: When you filter the protections, you can select to see logs for all the given protections by the filter. Available from either the toolbar under "Actions", or from the logs bottom pane by clicking "Show logs for all protections in this view". This can be used to see logs for all protections marked as staging which, as some of you mentioned, is a gap closure from R77.30. Logs for IPS Protections in staging is also available from the SmartLog or SmartEvent queries tree.

 

Your feedback is welcome.

Updated toolbar:

toolbar.png

Updated bottom pane:

bottompane.png

IPS-related queries from Logs & Monitor:

ipstree.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top