Identity Awareness Client Statistics

Vincent_Bacher

📊 IDA Statistics Analyzer - Comprehensive Analysis for PDP & PEP Sessions

I've created a Python script that analyzes Check Point Identity Awareness data from ida_tables_util and generates detailed statistics reports.

🎯 What it does

PDP Session Analysis - Organizations, domains, authentication methods, client types, IP ranges, hourly patterns
PEP Client Database Analysis - Session TTL, user types, geographic distribution
Demo Mode - Generate synthetic data for testing (no real data exposure)
Automated Reports - Saves results to pdp_stats.txt and pep_stats.txt

� Usage

Help / No Parameters

python3 ida_stats.py
usage: ida_stats.py [-h] [-f FILE] [--generate] [--demo] [--table {pdp,pep,both}]

Analyze Check Point IDA Statistics (PDP Sessions and PEP Client Database)

options:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  Input CSV file
  --generate            Run ida_tables_util to generate CSV file
  --demo                Use demo data (synthetic data for demonstration)
  --table {pdp,pep,both}
                        Which table to analyze (default: both)

Examples:
  # Analyze both PDP and PEP (demo mode):
  python ida_stats.py --demo

  # Analyze specific table with file:
  python ida_stats.py --table pdp -f ida_tab_pdp_sessions.csv
  python ida_stats.py --table pep -f ida_tab_pep_client_db.csv

  # Generate and analyze (requires Check Point system):
  python ida_stats.py --table pdp --generate
  python ida_stats.py --table pep --generate
  python ida_stats.py --table both --generate

Generate Mode Example

[Expert@gateway:0]# python3 ida_stats.py --table both --generate
Running: ida_tables_util -t pdp_sessions
CSV file created: ida_tab_pdp_sessions.csv
Parsing PDP CSV file: ida_tab_pdp_sessions.csv
Found 8542 PDP sessions
PDP statistics saved to: pdp_stats.txt
Running: ida_tables_util -t pep_client_db
CSV file created: ida_tab_pep_client_db.csv
Parsing PEP CSV file: ida_tab_pep_client_db.csv
Found 7891 PEP entries
PEP statistics saved to: pep_stats.txt

Demo Mode (Privacy-Safe)

python ida_stats.py --demo

Analyze Existing CSV Files

python ida_stats.py --table pdp -f ida_tab_pdp_sessions.csv
python ida_stats.py --table pep -f ida_tab_pep_client_db.csv

📈 Sample Output

================================================================================
  PDP SESSION STATISTICS
================================================================================

Total Sessions: 500
  - User Sessions: 475 (95.0%)
  - Machine Sessions: 25 (5.0%)
  - Terminal Server Sessions: 120 (24.0%)

--- Client Type Distribution ---
  Identity Agent                            380 ( 76.0%) ###################
  Terminal Server Identity Agent            120 ( 24.0%) ######
  Identity Collector                          0 (  0.0%)

--- Top 15 Organizations ---
 1. Global Insurance Corp                                 62 ###############
 2. TechSecure Solutions                                  58 ##############
 3. Finance Bank International                            54 #############
 4. Manufacturing Industries Ltd                          51 ############
 5. Healthcare Systems Group                              48 ###########

--- Domain Distribution ---
  company.local                             285 ( 60.0%) ############
  corp.internal                             120 ( 25.3%) #####
  enterprise.net                             70 ( 14.7%) ###

--- IP Address Analysis ---
  Internal IPs: 300 (60.0%)
  External IPs: 200 (40.0%)

--- Connections by Hour of Day ---
    07:00 - 07:59   42 ################
    08:00 - 08:59   78 ####################
    09:00 - 09:59   85 ####################

Generate Fresh Data from Checkpoint System

python ida_stats.py --generate

💡 Key Features

✅ No external dependencies - uses Python standard library only
✅ Works with CSV output from ida_tables_util -t pdp_sessions and -t pep_client_db
✅ Handles both active and inactive PDP/PEP services gracefully
✅ Generates separate reports for easier analysis
✅ Demo mode with synthetic data for presentations
✅ Cross-platform (Windows, Linux, macOS)

📋 Statistics Included

PDP Sessions	PEP Client Database
• Session types (User/Machine) • Top organizations • Authentication domains • Client types & versions • Authentication methods • PDP server distribution • IP analysis (internal/external) • Hourly connection patterns • User type analysis • Terminal Server details	• Total PEP entries • Top organizations • PDP server distribution • Client IP analysis • User type classification • Session TTL statistics • Internal vs external IPs

🎓 Example Workflow

# On Check Point Gateway
[Expert@gateway]# python3 ida_stats.py --demo

# Output
============================================================
PDP DEMO MODE - Using synthetic data
============================================================
Generating demo data...
Generated 500 demo sessions
Found 500 PDP sessions
PDP statistics saved to: pdp_stats.txt
============================================================
PEP DEMO MODE - Using synthetic data
============================================================
Generating PEP demo data...
Generated 400 PEP demo entries
Found 400 PEP entries
PEP statistics saved to: pep_stats.txt

⚠️ Notes

All status messages go to stderr, statistics go to files - no console clutter
Use --demo mode when sharing examples publicly (synthetic data only)
Reports use ASCII characters for maximum compatibility
Handles large datasets efficiently (tested with 13,000+ sessions)

Questions? Feedback? Let me know!

Tested on Check Point R82 with Python 3.13

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

the_rock

Will try this in the lab Friday.

Best,
Andy

Filters

Sort By

Categories

Identity Awareness Client Statistics

📊 IDA Statistics Analyzer - Comprehensive Analysis for PDP & PEP Sessions

🎯 What it does

� Usage

Help / No Parameters

Generate Mode Example

Demo Mode (Privacy-Safe)

Analyze Existing CSV Files

📈 Sample Output

Generate Fresh Data from Checkpoint System

💡 Key Features

📋 Statistics Included

🎓 Example Workflow

⚠️ Notes

📊 IDA Statistics Analyzer - Comprehensive Analysis for PDP & PEP Sessions

🎯 What it does

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.