This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Kavan
Advisor
Advisor
‎2025-02-14 08:42 AM
Jump to solution

smartevent alerts

 

RE: credential guessing

So, I have smart event set to 

1. send me an email

2. block source for a day

 

I noticed that I received the email but the source was NOT blocked for the day.  Which was good since it was a legitimate user, but curious if other users had a similar experience.

I didn't see any SAM blocks from that source IP in smartevent just the email.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2025-02-14 12:46 PM
In response to Daniel_Kavan
Jump to solution

There are a limited number of SAM rules supported.
The SAM database will need be purged.
Go to the relevant gateway object and check the "Purge" box.
Push policy.
Go back to the object and disable the "Purge" box.
Push policy again.
Or you can leave the auto-purge on and set a value for it (5mb was the last maximum I saw for this).

image.png

View solution in original post

6 Replies
the_rock
Legend
Legend
‎2025-02-14 09:37 AM
Jump to solution

Any other logs about it?

Daniel_Kavan
Advisor
Advisor
‎2025-02-14 10:02 AM
In response to the_rock
Jump to solution

Good idea!

Failed to add the following dynamic (SAM) rule: Action: Reject , Source IP: xx.63.x.xxx, Expiration: 86400 seconds, Track: Alert, Additional Info: sam file size exceeded

0 Kudos
the_rock
Legend
Legend
‎2025-02-14 10:03 AM
In response to Daniel_Kavan
Jump to solution

Got a screenshot of it?

Andy

0 Kudos
Daniel_Kavan
Advisor
Advisor
‎2025-02-14 10:31 AM
In response to the_rock
Jump to solution

failed to SAM drop for dayfailed to SAM drop for day

0 Kudos
the_rock
Legend
Legend
‎2025-02-14 12:53 PM
In response to Daniel_Kavan
Jump to solution

What Phoneboy sent sounds like a good solution for that.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-14 12:46 PM
In response to Daniel_Kavan
Jump to solution

There are a limited number of SAM rules supported.
The SAM database will need be purged.
Go to the relevant gateway object and check the "Purge" box.
Push policy.
Go back to the object and disable the "Purge" box.
Push policy again.
Or you can leave the auto-purge on and set a value for it (5mb was the last maximum I saw for this).

image.png

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top