This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nabil_l
Explorer
‎2024-07-30 01:58 AM

Threat Prevention

Can any one provide me some info regarding Threat Prevention and Exception.

I have attached screenshot of my lab environment.

After log show IPS detect and i was doing exception for that particular only and selected Apply on Matched Rule. Now i am not able to find where that exception output is located.

I am searching where that entry is recorded. Can anyone guide me.IPS-EXCEPTION.PNG

0 Kudos
7 Replies
AkosBakos
MVP Silver
MVP Silver
‎2024-07-30 07:35 AM

Hi @nabil_l 

I suppose that, you are searcing for this:

2024-07-30 16_33_31-Cloud Demo Server [ID_569643830]-R81.20-SmartConsole.png

----------------
\m/_(>_<)_\m/
0 Kudos
nabil_l
Explorer
‎2024-07-30 07:45 AM
In response to AkosBakos

Hello AkosBakos,

Thank you for your response.  As per my screenshot when I try to add exception and Apply on = Add to global Exception Group (Apply on All Rules), it will show on the same tab as you have share on screenshot, but when I click on Apply on = Apply on match rule I was not able to see any record same like you have mentioned.

0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2024-07-30 07:48 AM
In response to nabil_l

Hi @nabil_l 

Have you choosen the right policy? I mean that, if you have more policies, you are searcing in the right one?

A

----------------
\m/_(>_<)_\m/
0 Kudos
nabil_l
Explorer
‎2024-07-30 07:53 AM
In response to AkosBakos

That is the lab environment and newly created VM Gateway, I was just testing exception case on IPS. So there is no more setting or config. I have only created one IPS strict profile clone and it detected on IPS event in log and by right clicking on that specific log I click on add exception, but when at last I click on Apply on = Apply on match rule, I am not able to see any exception. I just want to know where that record are saved so that in future I can again remove for exception.

0 Kudos
nabil_l
Explorer
‎2024-07-30 07:56 AM
In response to nabil_l

Can you just provide me some info on how exception work when we finaly click one of the two option i have highlighted in my picture.IPS-EXCEPTION.PNG

0 Kudos
AkosBakos
MVP Silver
MVP Silver
‎2024-07-30 08:05 AM
In response to nabil_l

Hi @nabil_l 

I see, and what about that rule, where the trafic hts the IPS rule? There was't created a layer for the excepton?

A

----------------
\m/_(>_<)_\m/
0 Kudos
nabil_l
Explorer
‎2024-07-30 08:12 AM
In response to AkosBakos

Traffic hit the IPS rule and exception was created but i didnt find where is the entry for that exception when i want review that exception.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events