This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
tecnico
Participant
‎2023-01-20 03:48 AM

Pesonalized Reports

Hi,

 

We would know if we could create a personalized Report ("LOG & EVENTS") that includes the following information:

 

-VPN tunnels availability and if it´s in error or no.

-Identify if the gateway is communicating or no with Smart-1 Cloud.

-Realized attacks against the devices from outside or inside.

-Notify by email when an attack is executed against the devices from outside or inside.

-If there are gateways software updates availables.

-Identify those cases in which there are any accesses to a restricted policies.

 

Which information from these is posible to be included in the personalized Report?

 

Thanks for all.

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2023-01-23 07:59 AM

You can't necessarily run a report on all of these things so they'll show up in Logs and Events.
Gateways and Servers will tell you if a gateway is currently communicating or not.
To see if a VPN tunnel is up or not, you can use SmartView Monitor or use a SmartConsole extension like the following to monitor: https://community.checkpoint.com/t5/SmartConsole-Extensions/Show-VPN-Tunnels/m-p/157756#M242 
Notification via email would require explicit configuration with the SmartEvent UI, which I believe should be available to Smart-1 Cloud customers.

Note there are several "out of the box" Threat Prevention reports available...have you reviewed any of them to see if they meet your needs?
Not sure what you mean by a "restricted policy" exactly, can you elaborate?

tecnico
Participant
‎2023-01-24 07:51 AM
In response to PhoneBoy

Hi,

 

thanks for all.

I mean blocking rules with "restricted policy".

tecnico
Participant
‎2023-01-24 07:53 AM
In response to PhoneBoy

Ok, but is there any possibility that a report can be made including all these information?

 

Thanks for all.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-24 10:28 AM
In response to tecnico

SmartEvent can only run reports on information that is logged (i.e. shows up as a discrete log entry in Log and Events).
A lot of the information you've asked for isn't explicitly logged, therefore you cannot run a report on it.
Anything that hits a specific rule in your Access or Threat Prevention policy, you should be able to run a report on.
I would encourage you to read the product documentation: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_LoggingAndMonitoring_AdminGu... 

Properly configured monitoring with a third party tool should be able to give you a lot of the information you're looking for.
See the Skyline project, which exports the data using OpenTelemetry and provides some sample Grafana dashboards.
Some of this data can also be obtained by SNMP.
Presumably, you can also get reports from these tools as well.

0 Kudos
tecnico
Participant
‎2023-01-24 08:54 AM
In response to PhoneBoy

How can I see power Checkpoint disconnections in a range of time?

 

_Val_
Admin
Admin
‎2023-01-25 12:32 AM
In response to tecnico

@tecnico please elaborate the use case a bit

0 Kudos
tecnico
Participant
‎2023-01-25 09:03 AM
In response to _Val_

Imagine that a checkpoint was accidentally turned off yesterday and turned on again today, how can I record the day it was turned off?

 

Thanks for all.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-01-25 11:16 AM
In response to tecnico

As noted before, you can only run reports on things that are actually logged.
Power outages are not explicitly logged, only inferred from other logs (or the lack of logs).

0 Kudos
Upcoming Events

    Sort by:
    CheckMates Events