Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
tecnico
Participant

Pesonalized Reports

Hi,

 

We would know if we could create a personalized Report ("LOG & EVENTS") that includes the following information:

 

-VPN tunnels availability and if it´s in error or no.

-Identify if the gateway is communicating or no with Smart-1 Cloud.

-Realized attacks against the devices from outside or inside.

-Notify by email when an attack is executed against the devices from outside or inside.

-If there are gateways software updates availables.

-Identify those cases in which there are any accesses to a restricted policies.

 

Which information from these is posible to be included in the personalized Report?

 

Thanks for all.

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

You can't necessarily run a report on all of these things so they'll show up in Logs and Events.
Gateways and Servers will tell you if a gateway is currently communicating or not.
To see if a VPN tunnel is up or not, you can use SmartView Monitor or use a SmartConsole extension like the following to monitor: https://community.checkpoint.com/t5/SmartConsole-Extensions/Show-VPN-Tunnels/m-p/157756#M242 
Notification via email would require explicit configuration with the SmartEvent UI, which I believe should be available to Smart-1 Cloud customers.

Note there are several "out of the box" Threat Prevention reports available...have you reviewed any of them to see if they meet your needs?
Not sure what you mean by a "restricted policy" exactly, can you elaborate?

tecnico
Participant

Hi,

 

thanks for all.

I mean blocking rules with "restricted policy".

tecnico
Participant

Ok, but is there any possibility that a report can be made including all these information?

 

Thanks for all.

0 Kudos
PhoneBoy
Admin
Admin

SmartEvent can only run reports on information that is logged (i.e. shows up as a discrete log entry in Log and Events).
A lot of the information you've asked for isn't explicitly logged, therefore you cannot run a report on it.
Anything that hits a specific rule in your Access or Threat Prevention policy, you should be able to run a report on.
I would encourage you to read the product documentation: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_LoggingAndMonitoring_AdminGu... 

Properly configured monitoring with a third party tool should be able to give you a lot of the information you're looking for.
See the Skyline project, which exports the data using OpenTelemetry and provides some sample Grafana dashboards.
Some of this data can also be obtained by SNMP.
Presumably, you can also get reports from these tools as well.

0 Kudos
tecnico
Participant

How can I see power Checkpoint disconnections in a range of time?

 

_Val_
Admin
Admin

@tecnico please elaborate the use case a bit

0 Kudos
tecnico
Participant

Imagine that a checkpoint was accidentally turned off yesterday and turned on again today, how can I record the day it was turned off?

 

Thanks for all.

0 Kudos
PhoneBoy
Admin
Admin

As noted before, you can only run reports on things that are actually logged.
Power outages are not explicitly logged, only inferred from other logs (or the lack of logs).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events