Tony_Graham
Advisor

AI Example

Very interesting idea. I think in your example you are going to need additional checks or the notifications are going to get out of hand. Imagine an IPS attack coming from a block range of IPs, or even revolving IPs in the case of a botnet, and receiving a notification for every hit. Probably also need the ability to do a sanity check and approve any newly created AI rule.


Accepted Solutions
Tal_Ben_Bassat
Employee

Great point - and you're absolutely right!

To avoid alert fatigue, we’ve built in several ways to add smart conditions to the Log Trigger step.

For example, you can ask the AI to trigger only on consecutive attacks, or define conditions like:

  • Counting logs within a specific time frame
  • Counting distinct values (e.g., unique source IPs)
  • Suppressing repeated logs to avoid noise

We’ve also recently added a powerful new condition that lets you filter logs based on IP Geo-location, using fields directly from the logs.

I’ve attached a few screenshots below so you can see it in action.

And regarding newly created AI automations, users can review, re-generate, and fully edit the automation at any time before enabling it. 

Thanks again for raising this - it's an important consideration!

Attached screenshots (captions): Count logs - distinct; Suppress logs; Count logs - occurrences by field; IP Geolocation - included/excluded from specific countries; Many options for conditions on logs.

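The three conditions listed in the accepted solution (count within a time frame, count of distinct source IPs, suppression of repeated firings) implemented as a sliding-window trigger over IPS log lines. This is an added example, not Check Point's code; the log format, field names and sample events are constructed to show how combining the conditions keeps a botnet-style burst from producing one notification per hit.

```python
"""Sliding-window log-trigger conditions (added example, constructed log format)."""
from collections import deque
from datetime import datetime

# Constructed sample IPS events: "<iso-time> <src_ip> <protection>"
# A burst from a few sources, then a lone hit 15 minutes later.
SAMPLE_LOGS = """\
2024-05-01T10:00:00 203.0.113.5 SQL_Injection
2024-05-01T10:00:10 203.0.113.5 SQL_Injection
2024-05-01T10:00:20 203.0.113.5 SQL_Injection
2024-05-01T10:00:30 203.0.113.6 SQL_Injection
2024-05-01T10:00:40 203.0.113.7 SQL_Injection
2024-05-01T10:00:50 203.0.113.5 SQL_Injection
2024-05-01T10:15:00 203.0.113.5 SQL_Injection
""".splitlines()


def parse(line):
    ts, src, protection = line.split()
    return datetime.fromisoformat(ts), src, protection


class LogTrigger:
    """Fires when, inside a sliding window of `window_s` seconds, at least
    `min_count` events from at least `min_distinct` source IPs were seen,
    then stays quiet for `suppress_s` seconds so repeats do not re-notify."""

    def __init__(self, window_s, min_count, min_distinct, suppress_s):
        self.window_s, self.min_count = window_s, min_count
        self.min_distinct, self.suppress_s = min_distinct, suppress_s
        self.events = deque()  # (timestamp, src_ip) still inside the window
        self.last_fired = None

    def feed(self, ts, src):
        self.events.append((ts, src))
        while (ts - self.events[0][0]).total_seconds() > self.window_s:
            self.events.popleft()  # expire events older than the window
        distinct = len({s for _, s in self.events})
        if len(self.events) < self.min_count or distinct < self.min_distinct:
            return False
        if self.last_fired and (ts - self.last_fired).total_seconds() < self.suppress_s:
            return False  # suppressed: a notification went out recently
        self.last_fired = ts
        return True


def run(lines, window_s, min_count, min_distinct, suppress_s):
    """Return the timestamps at which the trigger would send a notification."""
    trig = LogTrigger(window_s, min_count, min_distinct, suppress_s)
    return [ts.isoformat() for ts, src, _ in map(parse, lines) if trig.feed(ts, src)]
```

With `min_count=1` and no suppression every line would notify; the assertions show that the same seven events yield one or two notifications once the conditions are combined.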

