portfast
Explorer

smartevent correlation unit problem

Hi all, I've been configuring an event on my SmartEvent server that detects when there are 10 address spoofing logs in 20 seconds, but I can't get daily notification mails for the specified IP addresses as I want with these settings. Am I missing something? Thanks,

 

[Attached image: smartevent.png]

0 Kudos
5 Replies
PhoneBoy
Admin

SmartEvent works with Session logs by default.
For regular rules, you can turn them into Session logs with: https://support.checkpoint.com/results/sk/sk150452

Not sure if you can do this with Anti-Spoofing since that’s a Connection log and there’s no explicit rule.
Might require checking with TAC.

0 Kudos
the_rock
Legend

Does evstop; evstart help at all?

0 Kudos
Amir_Senn
Employee

The correlated event is generated and the issue is the email notification?

Can you share the automatic reaction you attached to the event?

Kind regards, Amir Senn
0 Kudos
portfast
Explorer

Actually, it correlates and sends the automatic reaction via email when I install the event policy, but it never correlates and sends a notification again, even though it exceeds the threshold values.

0 Kudos
Amir_Senn
Employee

Is it an out-of-the-box event or something new that you created?

Kind regards, Amir Senn
0 Kudos
