This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
MattDunn
Advisor
‎2021-09-07 05:47 AM

Anti-Bot Correlated Logs

When I filter on Blade:Anti-Bot all I see is this.  When I open a log card I have no meaningful information.  What is causing these logs? 

Should I worry, or just ignore them? 

If I should worry - why? 

If I should ignore them - how do I stop them from happening in the first place?

AB.png

Labels
0 Kudos
3 Replies
Bjoern_Baumann
Participant
‎2022-05-17 08:02 AM

Have you managed to figure out the meaning of these logs?

0 Kudos
MattDunn
Advisor
‎2022-05-17 08:08 AM
In response to Bjoern_Baumann

Nope!  I'd still like to though.

I'm upgrading this particular system later this week from R80.40 to R81.10 so I'll see if that makes any difference...

0 Kudos
Timothy_Hall
Champion
Champion
‎2022-05-20 05:30 AM
In response to MattDunn

My first impression is that these correlated logs were just showing anti-bot scanning statistics (Scan Hosts ...), but the presence of "CU (Correlation Unit) Rule" means that it has something to do with SmartEvent.  Looks like a false positive, see here: sk105300: SmartEvent Server sends out email alerts for Anti-bot detection with no corresponding logs...

 

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos