Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Simon_Moore
Explorer

Alerting on attacks from SMP

Documentation says that SMP can be used to alert when attacks are seen.  I take "attacks" to mean any significant events that a SIEM would raise as an issue worthy of immediate investigation.

How do you configure this.  I can only see events for SMP outages and high level SMP operations aspect - NOT attacks on a client box.  I would like to get emails when certain thresholds are reached.  Is this out of scope for SMP and should i be looking at R80?

0 Kudos
4 Replies
Pedro_Espindola
Advisor

SMP has the R77.30 managemente blades. If you have the license for SmartEvent, you can use it to send the alerts by email, SNMP traps or custom script.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

SMP has NO R77.30 managemente blades because it is a completely different product ! Concerning reports by email:

"Security reports can be rebranded and are automatically generated and emailed to customers at predefined intervals and can also be viewed directly from the SMP management interface. Security reports include information about blocked attacks, detected viruses, filtered web sites and more."

Concerning real-time alerts, the choice is very small:

"In addition, SMP offers powerful realtime monitoring tools that enable you to see the status of the SMP server and connected devices at a single glance. You can use real-time alerts and notifications to proactively support your customers and notify them of connection outages, VPN tunnel drops or attacks, all before the customers become aware of these problems."

If you need SmartEvent features and Email Alerts, you better manage the SMB devices by a CP R80.10 SMS and not by SMP.

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Pedro_Espindola
Advisor

Hello Günther,

Installing a Security Management Server is a pre-requisite for installing an on premise SMP. Security Management Portal Installation Guide R12.30 page 17.

You can use SmartLog and even access SmartDashboard and create objects so their names appear in the logs.

I don't know how the licensing works during purchase, but if you have a SmartEvent license you can definitely use it. I've tested it with alerts and all.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

That is very good to know !

CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events