This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JasminThejojo
Explorer
‎2023-12-01 06:39 AM
Jump to solution

Similar logs For Identity Awareness

Hi,

I have searched from qradar and got similar logs as below. The only different item is "sequencenum", is this desired situation? 

Any advice would be appreciated.

Best

Jasmin

 

LEEF:2.0|Check Point|Identity Awareness|1.0|Log In|devTime=devtime               usrName=xxx   cat=Identity Awareness  action=Log In     ifdir=inbound               logid=logid     loguid={aaa}               origin=ip              originsicname=zzz              sequencenum=6               version=5            auth_method=User Authentication (Active Directory)            auth_status=Successful Login      client_name=Active Directory Query               client_version=R81.10     domain_name=domain_name       endpoint_ip=ip_address              identity_src=AD Query   identity_type=user           snid=sn_id   src=src              src_user_group=src_user_group               src_user_name=xxx

LEEF:2.0|Check Point|Identity Awareness|1.0|Log In|devTime=devtime               usrName=xxx   cat=Identity Awareness  action=Log In     ifdir=inbound               logid=logid     loguid={aaa}               origin=ip              originsicname=zzz              sequencenum=7            version=5            auth_method=User Authentication (Active Directory)            auth_status=Successful Login      client_name=Active Directory Query               client_version=R81.10     domain_name=domain_name       endpoint_ip=ip_address              identity_src=AD Query   identity_type=user           snid=sn_id   src=src              src_user_group=src_user_group               src_user_name=xxx

 

 

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-12-01 07:42 AM
In response to JasminThejojo
Jump to solution

Two logs for the same event that close to each other doesn't seem correct.
Best to check this with TAC: https://help.checkpoint.com 

View solution in original post

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-12-01 07:05 AM
Jump to solution

Is the issue you’re seeing multiple logs for what appears to be the same event?
How far apart are the logs and how many “duplicates” appear?

We do send multiple logs via Log Exporter for the same session (every 10 minutes or so).
This is probably expected behavior.

0 Kudos
JasminThejojo
Explorer
‎2023-12-01 07:39 AM
In response to PhoneBoy
Jump to solution

Hi,

Thanks for your answer. There are two events for login and logout with the same devtime. (not every 10 minutes)

Best

Jasmin

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-12-01 07:42 AM
In response to JasminThejojo
Jump to solution

Two logs for the same event that close to each other doesn't seem correct.
Best to check this with TAC: https://help.checkpoint.com 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events