cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Employee
Employee

Where are the IPS protection Follow-up flags?

Jump to solution

Is there a new way to handle IPS protection updates?

0 Kudos
1 Solution

Accepted Solutions

Re: Where are the IPS protection Follow-up flags?

Jump to solution

several additions to the IPS Protections page for R80.10 (currently available in EA through Check Point User Center):

- Logs for all protections in current filter: When you filter the protections, you can select to see logs for all the given protections by the filter. Available from either the toolbar under "Actions", or from the logs bottom pane by clicking "Show logs for all protections in this view". This can be used to see logs for all protections marked as staging which, as some of you mentioned, is a gap closure from R77.30. Logs for IPS Protections in staging is also available from the SmartLog or SmartEvent queries tree.

 

Your feedback is welcome.

Updated toolbar:

toolbar.png

Updated bottom pane:

bottompane.png

IPS-related queries from Logs & Monitor:

ipstree.png

0 Kudos
2 Replies

Re: Where are the IPS protection Follow-up flags?

Jump to solution

Follow-up flags are not supported in R80. They are expected to return with new capabilities in the next releases of the Security Management - the option to have multiple categories of flags, for example.

Staging Mode takes more presence in R80. After performing an IPS Update, all new protections are in "staging mode", which is Detect, with a small icon that represents that no manual action was yet taken by the admin. The IPS Protections view has a filter "staging" on the right-side of the view.

For more on Staging IPS Protections, see What are IPS Staging Protections? And how do we clear them?

Re: Where are the IPS protection Follow-up flags?

Jump to solution

several additions to the IPS Protections page for R80.10 (currently available in EA through Check Point User Center):

- Logs for all protections in current filter: When you filter the protections, you can select to see logs for all the given protections by the filter. Available from either the toolbar under "Actions", or from the logs bottom pane by clicking "Show logs for all protections in this view". This can be used to see logs for all protections marked as staging which, as some of you mentioned, is a gap closure from R77.30. Logs for IPS Protections in staging is also available from the SmartLog or SmartEvent queries tree.

 

Your feedback is welcome.

Updated toolbar:

toolbar.png

Updated bottom pane:

bottompane.png

IPS-related queries from Logs & Monitor:

ipstree.png

0 Kudos